External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: External-Mirrors:26.3.1
Branches Tags
External-Mirrors:main
External-Mirrors:quarkus-next
External-Mirrors:release/26.5
External-Mirrors:feature/infinispan-16.0
External-Mirrors:dependabot/npm_and_yarn/js/eslint/compat-2.0.0
External-Mirrors:dependabot/npm_and_yarn/js/vitest-4.0.16
External-Mirrors:dependabot/npm_and_yarn/js/types/node-25.0.3
External-Mirrors:dependabot/npm_and_yarn/js/rollup/plugin-commonjs-29.0.0
External-Mirrors:dependabot/npm_and_yarn/js/eslint-plugin-react-hooks-7.0.1
External-Mirrors:dependabot/npm_and_yarn/js/i18next-fetch-backend-7.0.0
External-Mirrors:dependabot/npm_and_yarn/js/npm-dependencies-5f9f9fc1c7
External-Mirrors:release/26.4
External-Mirrors:release/26.2
External-Mirrors:aurora-test
External-Mirrors:archive/release/26.0
External-Mirrors:archive/release/26.3
External-Mirrors:feature/admin-api-v2
External-Mirrors:archive/release/26.1
External-Mirrors:archive/release/24.0
External-Mirrors:archive/release/22.0
External-Mirrors:archive/release/25.0
External-Mirrors:archive/release/23.0
External-Mirrors:archive/map-store
External-Mirrors:archive/release/21.1
External-Mirrors:archive/release/21.0
External-Mirrors:archive/release/20.0
External-Mirrors:nightly
External-Mirrors:26.5.0
External-Mirrors:26.4.7
External-Mirrors:26.2.12
External-Mirrors:26.2.11
External-Mirrors:26.4.6
External-Mirrors:26.4.5
External-Mirrors:26.4.4
External-Mirrors:26.4.3
External-Mirrors:26.0.17
External-Mirrors:26.4.2
External-Mirrors:26.4.1
External-Mirrors:26.2.10
External-Mirrors:26.0.16
External-Mirrors:26.4.0
External-Mirrors:26.3.5
External-Mirrors:26.2.9
External-Mirrors:26.3.4
External-Mirrors:26.0.15
External-Mirrors:26.2.8
External-Mirrors:26.3.3
External-Mirrors:26.2.7
External-Mirrors:26.0.14
External-Mirrors:26.3.2
External-Mirrors:26.2.6
External-Mirrors:26.0.13
External-Mirrors:26.3.1
External-Mirrors:26.3.0
External-Mirrors:26.2.5
External-Mirrors:26.0.12
External-Mirrors:26.2.4
External-Mirrors:26.2.3
External-Mirrors:26.2.2
External-Mirrors:26.0.11
External-Mirrors:26.2.1
External-Mirrors:26.2.0
External-Mirrors:26.1.5
External-Mirrors:26.1.4
External-Mirrors:26.0.10
External-Mirrors:26.1.3
External-Mirrors:24.0.10
External-Mirrors:26.1.2
External-Mirrors:26.1.1
External-Mirrors:26.0.9
External-Mirrors:26.1.0
External-Mirrors:26.0.8
External-Mirrors:26.0.7
External-Mirrors:24.0.9
External-Mirrors:26.0.6
External-Mirrors:26.0.5
External-Mirrors:26.0.4
External-Mirrors:26.0.3
External-Mirrors:26.0.2
External-Mirrors:26.0.1
External-Mirrors:26.0.0
External-Mirrors:24.0.8
External-Mirrors:22.0.13
External-Mirrors:25.0.6
External-Mirrors:24.0.7
External-Mirrors:22.0.12
External-Mirrors:25.0.5
External-Mirrors:25.0.4
External-Mirrors:25.0.3
External-Mirrors:25.0.2
External-Mirrors:24.0.6
External-Mirrors:25.0.1
External-Mirrors:25.0.0
External-Mirrors:24.0.5
External-Mirrors:22.0.11
External-Mirrors:24.0.4
External-Mirrors:24.0.3
External-Mirrors:22.0.10
External-Mirrors:24.0.2
External-Mirrors:24.0.1
External-Mirrors:24.0.0
External-Mirrors:22.0.9
External-Mirrors:23.0.7
External-Mirrors:23.0.6
External-Mirrors:23.0.5
External-Mirrors:23.0.4
External-Mirrors:22.0.8
External-Mirrors:23.0.3
External-Mirrors:23.0.2
External-Mirrors:22.0.7
External-Mirrors:22.0.6
External-Mirrors:23.0.1
External-Mirrors:23.0.0
External-Mirrors:22.0.5
External-Mirrors:22.0.4
External-Mirrors:22.0.3
External-Mirrors:22.0.2
External-Mirrors:22.0.1
External-Mirrors:22.0.0
External-Mirrors:21.1.2
External-Mirrors:21.1.1
External-Mirrors:21.1.0
External-Mirrors:21.0.2
External-Mirrors:21.0.1
External-Mirrors:21.0.0
External-Mirrors:20.0.5
External-Mirrors:20.0.4
External-Mirrors:20.0.3
External-Mirrors:20.0.2
External-Mirrors:20.0.1
External-Mirrors:20.0.0
External-Mirrors:19.0.3
External-Mirrors:19.0.2
External-Mirrors:19.0.1
External-Mirrors:19.0.0
External-Mirrors:18.0.2
External-Mirrors:18.0.1
External-Mirrors:18.0.0
External-Mirrors:17.0.1
External-Mirrors:17.0.0
External-Mirrors:17.0.0-5
External-Mirrors:17.0.0-4
External-Mirrors:17.0.0-3
External-Mirrors:17.0.0-2
External-Mirrors:17.0.0-6
External-Mirrors:16.1.1
External-Mirrors:16.1.0
External-Mirrors:16.0.0
External-Mirrors:15.1.1
External-Mirrors:15.1.0
External-Mirrors:15.0.2
External-Mirrors:15.0.1
External-Mirrors:15.0.0
External-Mirrors:14.0.0
External-Mirrors:13.0.1
External-Mirrors:13.0.0
External-Mirrors:12.0.4
External-Mirrors:12.0.3
External-Mirrors:12.0.2
External-Mirrors:12.0.1
External-Mirrors:12.0.0
External-Mirrors:11.0.3
External-Mirrors:11.0.2
External-Mirrors:11.0.1
External-Mirrors:11.0.0
External-Mirrors:10.0.2
External-Mirrors:10.0.1
External-Mirrors:10.0.0
External-Mirrors:9.0.3
External-Mirrors:9.0.2
External-Mirrors:9.0.0
External-Mirrors:8.0.2
External-Mirrors:8.0.1
External-Mirrors:8.0.0
External-Mirrors:7.0.1
External-Mirrors:7.0.0
External-Mirrors:6.0.1
External-Mirrors:6.0.0
External-Mirrors:5.0.0
External-Mirrors:4.8.3.Final
External-Mirrors:4.8.2.Final
External-Mirrors:4.8.1.Final
External-Mirrors:4.8.0.Final
External-Mirrors:4.7.0.Final
External-Mirrors:4.6.0.Final
External-Mirrors:4.6.0.Tmp
External-Mirrors:4.5.0.Final
External-Mirrors:4.4.0.Final
External-Mirrors:4.3.0.Final
External-Mirrors:4.2.1.Final
External-Mirrors:4.2.0.Final
External-Mirrors:4.1.0.Final
External-Mirrors:4.0.0.Final
External-Mirrors:4.0.0.Beta3
External-Mirrors:4.0.0.Beta2
External-Mirrors:4.0.0.Beta1
External-Mirrors:3.4.3.Final-2
External-Mirrors:3.4.3.Final
External-Mirrors:3.4.2.Final
External-Mirrors:3.4.1.Final
External-Mirrors:3.4.1.CR1
External-Mirrors:3.4.0.Final
External-Mirrors:3.4.0.CR1
External-Mirrors:3.3.0.Final
External-Mirrors:3.3.0.CR2
External-Mirrors:3.3.0.CR1
External-Mirrors:2.5.10.Final
External-Mirrors:3.2.1.Final
External-Mirrors:2.5.9.Final
External-Mirrors:2.5.8.Final
External-Mirrors:3.2.0.Final-rhsso
External-Mirrors:3.2.0.Final
External-Mirrors:3.2.0.CR1
External-Mirrors:2.5.7.Final
External-Mirrors:2.5.6.Final
External-Mirrors:3.1.1.Final-rhsso
External-Mirrors:3.1.0.Final
External-Mirrors:3.1.0.CR1
External-Mirrors:3.0.0.Final
External-Mirrors:3.0.0.CR1
External-Mirrors:2.5.5.Final
External-Mirrors:2.5.4.Final
External-Mirrors:2.5.3.Final
External-Mirrors:2.5.2.Final
External-Mirrors:2.5.1.Final
External-Mirrors:2.5.0.Final
External-Mirrors:2.5.0.CR1
External-Mirrors:2.4.0.Final
External-Mirrors:2.4.0.CR1
External-Mirrors:2.4.0.Test
External-Mirrors:2.3.0.Final
External-Mirrors:2.3.0.CR1
External-Mirrors:2.2.1.Final
External-Mirrors:2.2.0.Final
External-Mirrors:2.2.0.CR1
External-Mirrors:2.2.0.Test1
External-Mirrors:2.1.0.Final
External-Mirrors:2.1.0.CR1
External-Mirrors:2.0.0.Test2
External-Mirrors:2.0.0.Final
External-Mirrors:2.0.0.CR1
External-Mirrors:1.9.8.Final
External-Mirrors:1.9.7.Final
External-Mirrors:1.9.6.Final
External-Mirrors:1.9.5.Final
External-Mirrors:1.9.4.Final
External-Mirrors:1.9.3.Final
External-Mirrors:1.9.2.Final
External-Mirrors:1.9.2.Test
External-Mirrors:1.9.1.Final
External-Mirrors:1.8.2.Final-redhat-1
External-Mirrors:1.8.2.Final
External-Mirrors:1.9.0.Final-redhat-1
External-Mirrors:1.9.0.Final
External-Mirrors:1.9.0.CR1-redhat-2
External-Mirrors:1.9.0.CR1-redhat-1
External-Mirrors:1.8.1.Final-redhat-1
External-Mirrors:1.9.0.CR1
External-Mirrors:1.8.1.Final
External-Mirrors:1.8.0.Final-redhat-1
External-Mirrors:1.8.0.Final
External-Mirrors:1.8.0.CR2-redhat-1-EAP-7
External-Mirrors:1.8.0.CR3
External-Mirrors:1.8.0.CR2-redhat-1
External-Mirrors:1.8.0.CR2
External-Mirrors:1.8.0.CR1-redhat-2
External-Mirrors:1.8.0.CR1-redhat-1
External-Mirrors:1.8.0.CR1
External-Mirrors:1.8.0.Alpha1
External-Mirrors:1.7.0.Final-redhat-1
External-Mirrors:1.7.0.Final
External-Mirrors:1.7.0.CR1-redhat-1
External-Mirrors:1.7.0.CR1
External-Mirrors:1.6.1.Final-redhat-1
External-Mirrors:1.5.1.Final-redhat-2
External-Mirrors:1.6.0.Final-redhat-1
External-Mirrors:1.6.1.Final
External-Mirrors:1.5.1.Final-redhat-1
External-Mirrors:1.6.0.Final
External-Mirrors:1.5.1.Final
External-Mirrors:1.5.0.Final-redhat-1
External-Mirrors:1.5.0.Final
External-Mirrors:1.4.0.Final
External-Mirrors:1.3.1.Final
External-Mirrors:1.3.0.Final
External-Mirrors:1.2.0.Final-redhat-2
External-Mirrors:1.2.0.Final-redhat-1
External-Mirrors:1.1.1.Final
External-Mirrors:1.2.0.Final
External-Mirrors:1.2.0.CR1-redhat-1
External-Mirrors:1.2.0.CR1
External-Mirrors:1.2.0.Beta1
External-Mirrors:1.1.0.Final
External-Mirrors:1.0.5.Final
External-Mirrors:1.1.0.Beta2
External-Mirrors:1.1.0.Beta1
External-Mirrors:1.0.4.Final
External-Mirrors:1.0.3.Final
External-Mirrors:1.0.2.Final
External-Mirrors:1.0.1.Final
External-Mirrors:1.0-final
External-Mirrors:1.0.0.Final
External-Mirrors:1.0-rc-2
External-Mirrors:1.0-rc-1
External-Mirrors:1.0-beta-4
External-Mirrors:1.0-beta-3
External-Mirrors:1.0-beta-2
External-Mirrors:1.0-beta-1
External-Mirrors:1.0-beta-1-20150523
External-Mirrors:1.0-beta-1-20150521
External-Mirrors:1.0-alpha-3
External-Mirrors:1.0-alpha-2
External-Mirrors:1.0-alpha-1
External-Mirrors:1.0-alpha-1-12062013
...
compare: External-Mirrors:main
Branches Tags
External-Mirrors:quarkus-next
External-Mirrors:release/26.5
External-Mirrors:main
External-Mirrors:feature/infinispan-16.0
External-Mirrors:dependabot/npm_and_yarn/js/eslint/compat-2.0.0
External-Mirrors:dependabot/npm_and_yarn/js/vitest-4.0.16
External-Mirrors:dependabot/npm_and_yarn/js/types/node-25.0.3
External-Mirrors:dependabot/npm_and_yarn/js/rollup/plugin-commonjs-29.0.0
External-Mirrors:dependabot/npm_and_yarn/js/eslint-plugin-react-hooks-7.0.1
External-Mirrors:dependabot/npm_and_yarn/js/i18next-fetch-backend-7.0.0
External-Mirrors:dependabot/npm_and_yarn/js/npm-dependencies-5f9f9fc1c7
External-Mirrors:release/26.4
External-Mirrors:release/26.2
External-Mirrors:aurora-test
External-Mirrors:archive/release/26.0
External-Mirrors:archive/release/26.3
External-Mirrors:feature/admin-api-v2
External-Mirrors:archive/release/26.1
External-Mirrors:archive/release/24.0
External-Mirrors:archive/release/22.0
External-Mirrors:archive/release/25.0
External-Mirrors:archive/release/23.0
External-Mirrors:archive/map-store
External-Mirrors:archive/release/21.1
External-Mirrors:archive/release/21.0
External-Mirrors:archive/release/20.0
External-Mirrors:nightly
External-Mirrors:26.5.0
External-Mirrors:26.4.7
External-Mirrors:26.2.12
External-Mirrors:26.2.11
External-Mirrors:26.4.6
External-Mirrors:26.4.5
External-Mirrors:26.4.4
External-Mirrors:26.4.3
External-Mirrors:26.0.17
External-Mirrors:26.4.2
External-Mirrors:26.4.1
External-Mirrors:26.2.10
External-Mirrors:26.0.16
External-Mirrors:26.4.0
External-Mirrors:26.3.5
External-Mirrors:26.2.9
External-Mirrors:26.3.4
External-Mirrors:26.0.15
External-Mirrors:26.2.8
External-Mirrors:26.3.3
External-Mirrors:26.2.7
External-Mirrors:26.0.14
External-Mirrors:26.3.2
External-Mirrors:26.2.6
External-Mirrors:26.0.13
External-Mirrors:26.3.1
External-Mirrors:26.3.0
External-Mirrors:26.2.5
External-Mirrors:26.0.12
External-Mirrors:26.2.4
External-Mirrors:26.2.3
External-Mirrors:26.2.2
External-Mirrors:26.0.11
External-Mirrors:26.2.1
External-Mirrors:26.2.0
External-Mirrors:26.1.5
External-Mirrors:26.1.4
External-Mirrors:26.0.10
External-Mirrors:26.1.3
External-Mirrors:24.0.10
External-Mirrors:26.1.2
External-Mirrors:26.1.1
External-Mirrors:26.0.9
External-Mirrors:26.1.0
External-Mirrors:26.0.8
External-Mirrors:26.0.7
External-Mirrors:24.0.9
External-Mirrors:26.0.6
External-Mirrors:26.0.5
External-Mirrors:26.0.4
External-Mirrors:26.0.3
External-Mirrors:26.0.2
External-Mirrors:26.0.1
External-Mirrors:26.0.0
External-Mirrors:24.0.8
External-Mirrors:22.0.13
External-Mirrors:25.0.6
External-Mirrors:24.0.7
External-Mirrors:22.0.12
External-Mirrors:25.0.5
External-Mirrors:25.0.4
External-Mirrors:25.0.3
External-Mirrors:25.0.2
External-Mirrors:24.0.6
External-Mirrors:25.0.1
External-Mirrors:25.0.0
External-Mirrors:24.0.5
External-Mirrors:22.0.11
External-Mirrors:24.0.4
External-Mirrors:24.0.3
External-Mirrors:22.0.10
External-Mirrors:24.0.2
External-Mirrors:24.0.1
External-Mirrors:24.0.0
External-Mirrors:22.0.9
External-Mirrors:23.0.7
External-Mirrors:23.0.6
External-Mirrors:23.0.5
External-Mirrors:23.0.4
External-Mirrors:22.0.8
External-Mirrors:23.0.3
External-Mirrors:23.0.2
External-Mirrors:22.0.7
External-Mirrors:22.0.6
External-Mirrors:23.0.1
External-Mirrors:23.0.0
External-Mirrors:22.0.5
External-Mirrors:22.0.4
External-Mirrors:22.0.3
External-Mirrors:22.0.2
External-Mirrors:22.0.1
External-Mirrors:22.0.0
External-Mirrors:21.1.2
External-Mirrors:21.1.1
External-Mirrors:21.1.0
External-Mirrors:21.0.2
External-Mirrors:21.0.1
External-Mirrors:21.0.0
External-Mirrors:20.0.5
External-Mirrors:20.0.4
External-Mirrors:20.0.3
External-Mirrors:20.0.2
External-Mirrors:20.0.1
External-Mirrors:20.0.0
External-Mirrors:19.0.3
External-Mirrors:19.0.2
External-Mirrors:19.0.1
External-Mirrors:19.0.0
External-Mirrors:18.0.2
External-Mirrors:18.0.1
External-Mirrors:18.0.0
External-Mirrors:17.0.1
External-Mirrors:17.0.0
External-Mirrors:17.0.0-5
External-Mirrors:17.0.0-4
External-Mirrors:17.0.0-3
External-Mirrors:17.0.0-2
External-Mirrors:17.0.0-6
External-Mirrors:16.1.1
External-Mirrors:16.1.0
External-Mirrors:16.0.0
External-Mirrors:15.1.1
External-Mirrors:15.1.0
External-Mirrors:15.0.2
External-Mirrors:15.0.1
External-Mirrors:15.0.0
External-Mirrors:14.0.0
External-Mirrors:13.0.1
External-Mirrors:13.0.0
External-Mirrors:12.0.4
External-Mirrors:12.0.3
External-Mirrors:12.0.2
External-Mirrors:12.0.1
External-Mirrors:12.0.0
External-Mirrors:11.0.3
External-Mirrors:11.0.2
External-Mirrors:11.0.1
External-Mirrors:11.0.0
External-Mirrors:10.0.2
External-Mirrors:10.0.1
External-Mirrors:10.0.0
External-Mirrors:9.0.3
External-Mirrors:9.0.2
External-Mirrors:9.0.0
External-Mirrors:8.0.2
External-Mirrors:8.0.1
External-Mirrors:8.0.0
External-Mirrors:7.0.1
External-Mirrors:7.0.0
External-Mirrors:6.0.1
External-Mirrors:6.0.0
External-Mirrors:5.0.0
External-Mirrors:4.8.3.Final
External-Mirrors:4.8.2.Final
External-Mirrors:4.8.1.Final
External-Mirrors:4.8.0.Final
External-Mirrors:4.7.0.Final
External-Mirrors:4.6.0.Final
External-Mirrors:4.6.0.Tmp
External-Mirrors:4.5.0.Final
External-Mirrors:4.4.0.Final
External-Mirrors:4.3.0.Final
External-Mirrors:4.2.1.Final
External-Mirrors:4.2.0.Final
External-Mirrors:4.1.0.Final
External-Mirrors:4.0.0.Final
External-Mirrors:4.0.0.Beta3
External-Mirrors:4.0.0.Beta2
External-Mirrors:4.0.0.Beta1
External-Mirrors:3.4.3.Final-2
External-Mirrors:3.4.3.Final
External-Mirrors:3.4.2.Final
External-Mirrors:3.4.1.Final
External-Mirrors:3.4.1.CR1
External-Mirrors:3.4.0.Final
External-Mirrors:3.4.0.CR1
External-Mirrors:3.3.0.Final
External-Mirrors:3.3.0.CR2
External-Mirrors:3.3.0.CR1
External-Mirrors:2.5.10.Final
External-Mirrors:3.2.1.Final
External-Mirrors:2.5.9.Final
External-Mirrors:2.5.8.Final
External-Mirrors:3.2.0.Final-rhsso
External-Mirrors:3.2.0.Final
External-Mirrors:3.2.0.CR1
External-Mirrors:2.5.7.Final
External-Mirrors:2.5.6.Final
External-Mirrors:3.1.1.Final-rhsso
External-Mirrors:3.1.0.Final
External-Mirrors:3.1.0.CR1
External-Mirrors:3.0.0.Final
External-Mirrors:3.0.0.CR1
External-Mirrors:2.5.5.Final
External-Mirrors:2.5.4.Final
External-Mirrors:2.5.3.Final
External-Mirrors:2.5.2.Final
External-Mirrors:2.5.1.Final
External-Mirrors:2.5.0.Final
External-Mirrors:2.5.0.CR1
External-Mirrors:2.4.0.Final
External-Mirrors:2.4.0.CR1
External-Mirrors:2.4.0.Test
External-Mirrors:2.3.0.Final
External-Mirrors:2.3.0.CR1
External-Mirrors:2.2.1.Final
External-Mirrors:2.2.0.Final
External-Mirrors:2.2.0.CR1
External-Mirrors:2.2.0.Test1
External-Mirrors:2.1.0.Final
External-Mirrors:2.1.0.CR1
External-Mirrors:2.0.0.Test2
External-Mirrors:2.0.0.Final
External-Mirrors:2.0.0.CR1
External-Mirrors:1.9.8.Final
External-Mirrors:1.9.7.Final
External-Mirrors:1.9.6.Final
External-Mirrors:1.9.5.Final
External-Mirrors:1.9.4.Final
External-Mirrors:1.9.3.Final
External-Mirrors:1.9.2.Final
External-Mirrors:1.9.2.Test
External-Mirrors:1.9.1.Final
External-Mirrors:1.8.2.Final-redhat-1
External-Mirrors:1.8.2.Final
External-Mirrors:1.9.0.Final-redhat-1
External-Mirrors:1.9.0.Final
External-Mirrors:1.9.0.CR1-redhat-2
External-Mirrors:1.9.0.CR1-redhat-1
External-Mirrors:1.8.1.Final-redhat-1
External-Mirrors:1.9.0.CR1
External-Mirrors:1.8.1.Final
External-Mirrors:1.8.0.Final-redhat-1
External-Mirrors:1.8.0.Final
External-Mirrors:1.8.0.CR2-redhat-1-EAP-7
External-Mirrors:1.8.0.CR3
External-Mirrors:1.8.0.CR2-redhat-1
External-Mirrors:1.8.0.CR2
External-Mirrors:1.8.0.CR1-redhat-2
External-Mirrors:1.8.0.CR1-redhat-1
External-Mirrors:1.8.0.CR1
External-Mirrors:1.8.0.Alpha1
External-Mirrors:1.7.0.Final-redhat-1
External-Mirrors:1.7.0.Final
External-Mirrors:1.7.0.CR1-redhat-1
External-Mirrors:1.7.0.CR1
External-Mirrors:1.6.1.Final-redhat-1
External-Mirrors:1.5.1.Final-redhat-2
External-Mirrors:1.6.0.Final-redhat-1
External-Mirrors:1.6.1.Final
External-Mirrors:1.5.1.Final-redhat-1
External-Mirrors:1.6.0.Final
External-Mirrors:1.5.1.Final
External-Mirrors:1.5.0.Final-redhat-1
External-Mirrors:1.5.0.Final
External-Mirrors:1.4.0.Final
External-Mirrors:1.3.1.Final
External-Mirrors:1.3.0.Final
External-Mirrors:1.2.0.Final-redhat-2
External-Mirrors:1.2.0.Final-redhat-1
External-Mirrors:1.1.1.Final
External-Mirrors:1.2.0.Final
External-Mirrors:1.2.0.CR1-redhat-1
External-Mirrors:1.2.0.CR1
External-Mirrors:1.2.0.Beta1
External-Mirrors:1.1.0.Final
External-Mirrors:1.0.5.Final
External-Mirrors:1.1.0.Beta2
External-Mirrors:1.1.0.Beta1
External-Mirrors:1.0.4.Final
External-Mirrors:1.0.3.Final
External-Mirrors:1.0.2.Final
External-Mirrors:1.0.1.Final
External-Mirrors:1.0-final
External-Mirrors:1.0.0.Final
External-Mirrors:1.0-rc-2
External-Mirrors:1.0-rc-1
External-Mirrors:1.0-beta-4
External-Mirrors:1.0-beta-3
External-Mirrors:1.0-beta-2
External-Mirrors:1.0-beta-1
External-Mirrors:1.0-beta-1-20150523
External-Mirrors:1.0-beta-1-20150521
External-Mirrors:1.0-alpha-3
External-Mirrors:1.0-alpha-2
External-Mirrors:1.0-alpha-1
External-Mirrors:1.0-alpha-1-12062013

1338 Commits
26.3.1 ... main

Author SHA1 Message Date
Rickard Ötvös
cbfd9eec6e
Add Swedish translation for admin messages 
Adds messages_sv.properties to provide Swedish translations for all admin interface messages including password validation, LDAP errors, client URL validation, and error messages.

Closes #45281

Signed-off-by: Rickard Otvos <rickard.0413@gmail.com>
 2026-01-09 19:38:06 +01:00
Giuliano Mele
316f893d19 Remove unnecessary closing div in webauthn-authenticate template 
fix keycloak/keycloak#45307
 2026-01-09 19:04:20 +01:00
Ryan Emerson
f8b114bdd8
Add indexes to BROKER_LINK table 
Closes #45009

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-09 16:09:40 +00:00
Ricardo Martin
1aa1621eaa
Use MIME decoder instead of the default one to replace deprecated Base64 class 
Closes #45226

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-09 16:38:09 +01:00
Alexander Schwartz
83f31b1003
Reset a password only once 
Closes #37231

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2026-01-09 09:30:16 -03:00
Geremia Taglialatela
5a705c2e04
Fix label class in config-totp template 
The labels in `login-config-totp.ftl` were statically styled with a
`form-control` class instead of the intended dynamic `kcLabelClass `
property.

This caused incorrect styling in custom themes inheriting the base
theme.

Update the markup to use `kcLabelClass`, matching the rest of the theme
and ensuring consistent label styling.

Closes #45069

Signed-off-by: Geremia Taglialatela <tagliala.dev@gmail.com>
 2026-01-09 11:59:40 +01:00
Pedro Igor
34dda98a36
Update email when linking account when sync mode is FORCE 
Closes #44905

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-09 11:58:49 +01:00
Stian Thorgersen
91a6fc880a
Add default surefire args for tests using new testframework 
Closes #44098, Closes #44099

Signed-off-by: stianst <stianst@gmail.com>
 2026-01-09 08:33:54 +01:00
forkimenjeckayang
7a3fd3404c
[OID4VCI] Add UI support for vc.credential_signing_alg and vc.credential_build_config.hash_algorithm in OID4VCI client scopes (#44851) 
Closes #44849

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-08 17:19:56 +01:00
Ryan Emerson
cc3ab86544
EventOptionsTest failing due to missing verifiable_credential options (#45273) 
Closes #45272

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-08 17:06:29 +01:00
Stian Thorgersen
5b5fe813c8
Make environment variables override values from .env.test 
Closes #45252

Signed-off-by: stianst <stianst@gmail.com>
 2026-01-08 14:17:52 +01:00
Geremia Taglialatela
490815f1f0
Wrap required indicators with "required" span 
Some asterisks indicating required fields in `user-profile-commons.ftl`
and `register.ftl` are not wrapped in a `<span class="required">` tag.

This caused incorrect styling in custom themes that inherit the base theme.

Update the markup to wrap required field indicators with
`<span class="required">`, matching the rest of the theme and ensuring
consistent styling.

Closes #45058

Signed-off-by: Geremia Taglialatela <tagliala.dev@gmail.com>
 2026-01-08 14:12:44 +01:00
mposolda
29c15d8e8a Creating IdentityProvider with latest java admin-client may fail against Keycloak server 26.4 or older 
closes #45257

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-08 13:40:03 +01:00
rmartinc
e4f6a72fab Set initial default value and pass required for MultivaluedString 
Closes #43949

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-08 12:58:24 +01:00
Geremia Taglialatela
c6b13cb2ec
Fix label wrapper class in config-totp template 
The labels in `login-config-totp.ftl` were wrapped with the
`kcInputWrapperClass` instead of the intended `kcLabelWrapperClass`.

This caused incorrect styling in custom themes inheriting the base
theme.

Update the markup to use `kcLabelWrapperClass`, matching the rest of the
theme and ensuring consistent label styling.

Closes #45053

Signed-off-by: Geremia Taglialatela <tagliala.dev@gmail.com>
 2026-01-07 17:32:43 +00:00
mposolda
bcc8f684f2 Javadoc of Keycloak-admin-client for Keycloak server 26.5 release 
closes #45217

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-07 18:24:00 +01:00
Pedro Ruivo
99828b4cc4
Fix Cluster Compatibility Tests 
Closes #45221

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-07 15:26:19 +00:00
Alexander Schwartz
3b01bbb551
Adding x-robots HTTP header to all Keycloak resources (#44864) 
Closes #44863

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-07 15:11:54 +01:00
Martin Kanis
a9a89005fa Can not get through SSO login if using a custom attribute with default value 
Closes #44785

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2026-01-07 09:41:40 -03:00
Pedro Igor
17f0dbdc1c Update browser flow with organization flow on migration 
Closes #36593

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-07 09:37:46 -03:00
Alexander Schwartz
234526761e
Fix section level in 26.5 migration guide 
Closes #45184

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2026-01-07 07:54:06 -03:00
forkimenjeckayang
c76676ebef
[OID4VCI] Make sure events are properly used in OID4VCI endpoints (#44946) 
Closes: #44679


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-07 11:06:45 +01:00
Pedro Ruivo
695ee725a5
Admin UI: slow response time listing second user page 
Fixes #44860

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-07 10:53:14 +01:00
dependabot[bot]
0970e32ebb
Bump com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (#45201) 
Bumps [com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer](https://github.com/OWASP/java-html-sanitizer) from 20240325.1 to 20260101.1.
- [Release notes](https://github.com/OWASP/java-html-sanitizer/releases)
- [Commits](https://github.com/OWASP/java-html-sanitizer/compare/release-20240325.1...release-20260101.1)

---
updated-dependencies:
- dependency-name: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
  dependency-version: '20260101.1'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-07 09:02:27 +00:00
Steven Hawkins
9c15292906
fix: upgrade quarkus to 3.30.5 (#45192) 
closes: #45188

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-07 08:59:44 +01:00
Steven Hawkins
81e31fa4cc
fix: using non-interpretted args for import (#44862) 
closes: #44861

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-07 08:48:08 +01:00
Stian Thorgersen
19014814e5
Rename team/continuous-testing to team/continuous-delivery 
Signed-off-by: stianst <stianst@gmail.com>
 2026-01-07 08:43:59 +01:00
Pascal Knüppel
dceee1c1fb
Fix NullPointer in JWSHeader with x5c header (#45161) 
fixes #45160

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2026-01-07 08:35:22 +01:00
Steven Hawkins
d27db0adf7
fix: ensuring that Keycloak test launch doesn't capture runtime defaults (#45154) 
closes: #41630

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-06 16:27:09 +00:00
Ryan Emerson
4a2ed7c4e6
Use correct anchor for mdc logging in 26.5.0 release notes 
Closes #45185

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-06 17:21:48 +01:00
Václav Muzikář
ed69f332af
[admin-v2] Polymorphism, refined OIDC Client representation (#44727) 
* [admin-v2] Polymorphism, refined OIDC Client representation

Closes #43290

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove AbstractRepModelMapper

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2026-01-06 16:23:30 +01:00
olympus5
ffed84194e Realign source code examples in auth-spi doc 
closes #43757

Signed-off-by: olympus5 <erwan.iquel@gmail.com>
 2026-01-06 12:18:42 +01:00
Muhammed Oğuz
12d4146eb9
fix: clear all filters when resetting attribute search (#45109) 
Closes #45108

Signed-off-by: Muhammed Oguz <muhammed0748@outlook.com>
 2026-01-05 18:27:37 -05:00
Marek Posolda
f938d894b9
AdminEvent.getResourcePath() returns paths with duplicated slashes 
closes #45114

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-05 21:18:39 +00:00
Steven Hawkins
241ca57157
fix: preventing args to service commands (#45050) 
also outputting all commands for help files

closes #44975

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-05 20:31:14 +01:00
ksushant881
5939864b76 Add action that removes a required action step in workflow 
Closes #44647

Signed-off-by: ksushant881 <ksushant881@gmail.com>
 2026-01-05 16:10:20 -03:00
Pedro Ruivo
0885062c37
Missing message keys for USER_SESSION_DELETED 
Closes #44966

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-05 18:27:34 +01:00
Faseela K
cefd93d34c
Update quarkus README for small readability enhancements (#44889) 
* Update quarkus README for small readability enhancements

As a beginner, when I was trying the quarkus setup, some of the statements
here made confusion. So, trying to update the doc for better clarity

Signed-off-by: Faseela K <faseela.k@est.tech>

* Update KEYCLOAK_HOME placeholder

Signed-off-by: Faseela K <faseela.k@est.tech>

---------

Signed-off-by: Faseela K <faseela.k@est.tech>
 2026-01-05 18:03:49 +01:00
Weblate (bot)
e90d1d2330
Translations update from Hosted Weblate (#45113) 
* Updated translation for Czech

Language: cs

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Kylián <martin.kylian@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kylián <martin.kylian@gmail.com>

* Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

* Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Translated using Weblate (Chinese (Simplified Han script))

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hans/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Nagi <nagi@mptree.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Nagi <nagi@mptree.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kylián <martin.kylian@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Nagi <nagi@mptree.com>
Co-authored-by: Martin Kylián <martin.kylian@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Nagi <nagi@mptree.com>
 2026-01-05 17:49:48 +01:00
Pedro Igor
0d5766f3a8 Allow running scheduled workflows 
Closes #44865

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 13:03:47 -03:00
Stian Thorgersen
0e4b629d91
Add Steven Hawkins as a maintainer (#45144) 
Signed-off-by: stianst <stianst@gmail.com>
 2026-01-05 16:32:14 +01:00
dependabot[bot]
c0fa4d5af7
Bump the npm-dependencies group across 1 directory with 32 updates (#45148) 
Bumps the npm-dependencies group with 32 updates in the /js directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/eslintrc](https://github.com/eslint/eslintrc) | `3.3.1` | `3.3.3` |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.37.0` | `9.39.2` |
| [eslint](https://github.com/eslint/eslint) | `9.38.0` | `9.39.2` |
| [eslint-plugin-playwright](https://github.com/playwright-community/eslint-plugin-playwright) | `2.2.2` | `2.4.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.2.4` | `16.2.7` |
| [i18next](https://github.com/i18next/i18next) | `25.6.0` | `25.7.3` |
| [keycloak-js](https://github.com/keycloak/keycloak-js) | `26.2.0` | `26.2.2` |
| [lodash-es](https://github.com/lodash/lodash) | `4.17.21` | `4.17.22` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.63.0` | `7.70.0` |
| [react-i18next](https://github.com/i18next/react-i18next) | `16.0.1` | `16.5.1` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `6.30.1` | `6.30.2` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.56.0` | `1.57.0` |
| [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react-swc) | `4.1.0` | `4.2.2` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.11` | `7.3.0` |
| [vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker) | `0.11.0` | `0.12.0` |
| [@dagrejs/dagre](https://github.com/dagrejs/dagre) | `1.1.5` | `1.1.8` |
| [p-debounce](https://github.com/sindresorhus/p-debounce) | `5.0.0` | `5.1.0` |
| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.2` |
| [@axe-core/playwright](https://github.com/dequelabs/axe-core-npm) | `4.10.2` | `4.11.0` |
| [@testing-library/react](https://github.com/testing-library/react-testing-library) | `16.3.0` | `16.3.1` |
| [jsdom](https://github.com/jsdom/jsdom) | `27.0.0` | `27.4.0` |
| [properties-file](https://github.com/properties-file/properties-file) | `3.6.1` | `3.6.3` |
| [commander](https://github.com/tj/commander.js) | `14.0.1` | `14.0.2` |
| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.2` | `11.3.3` |
| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.28.0` | `3.30.0` |
| [@octokit/rest](https://github.com/octokit/rest.js) | `22.0.0` | `22.0.1` |
| [@types/gunzip-maybe](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/gunzip-maybe) | `1.4.2` | `1.4.3` |
| [@faker-js/faker](https://github.com/faker-js/faker) | `10.1.0` | `10.2.0` |
| [chai](https://github.com/chaijs/chai) | `6.2.0` | `6.2.2` |
| [mocha](https://github.com/mochajs/mocha) | `11.7.4` | `11.7.5` |
| [@rollup/plugin-replace](https://github.com/rollup/plugins/tree/HEAD/packages/replace) | `6.0.2` | `6.0.3` |
| [rollup](https://github.com/rollup/rollup) | `4.52.5` | `4.55.1` |



Updates `@eslint/eslintrc` from 3.3.1 to 3.3.3
- [Release notes](https://github.com/eslint/eslintrc/releases)
- [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslintrc/compare/v3.3.1...eslintrc-v3.3.3)

Updates `@eslint/js` from 9.37.0 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js)

Updates `eslint` from 9.38.0 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.38.0...v9.39.2)

Updates `eslint-plugin-playwright` from 2.2.2 to 2.4.0
- [Release notes](https://github.com/playwright-community/eslint-plugin-playwright/releases)
- [Changelog](https://github.com/mskelton/eslint-plugin-playwright/blob/main/CHANGELOG.md)
- [Commits](https://github.com/playwright-community/eslint-plugin-playwright/compare/v2.2.2...v2.4.0)

Updates `lint-staged` from 16.2.4 to 16.2.7
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.2.4...v16.2.7)

Updates `i18next` from 25.6.0 to 25.7.3
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.6.0...v25.7.3)

Updates `keycloak-js` from 26.2.0 to 26.2.2
- [Release notes](https://github.com/keycloak/keycloak-js/releases)
- [Changelog](https://github.com/keycloak/keycloak-js/blob/main/RELEASE-CHECKLIST.md)
- [Commits](https://github.com/keycloak/keycloak-js/compare/26.2.0...26.2.2)

Updates `lodash-es` from 4.17.21 to 4.17.22
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits)

Updates `react-hook-form` from 7.63.0 to 7.70.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/react-hook-form/react-hook-form/compare/v7.63.0...v7.70.0)

Updates `react-i18next` from 16.0.1 to 16.5.1
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v16.0.1...v16.5.1)

Updates `react-router-dom` from 6.30.1 to 6.30.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@6.30.2/packages/react-router-dom)

Updates `@playwright/test` from 1.56.0 to 1.57.0
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.56.0...v1.57.0)

Updates `@vitejs/plugin-react-swc` from 4.1.0 to 4.2.2
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react-swc@4.2.2/packages/plugin-react-swc)

Updates `vite` from 7.1.11 to 7.3.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.0/packages/vite)

Updates `vite-plugin-checker` from 0.11.0 to 0.12.0
- [Release notes](https://github.com/fi3ework/vite-plugin-checker/releases)
- [Commits](https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.11.0...vite-plugin-checker@0.12.0)

Updates `@dagrejs/dagre` from 1.1.5 to 1.1.8
- [Release notes](https://github.com/dagrejs/dagre/releases)
- [Commits](https://github.com/dagrejs/dagre/compare/v1.1.5...v1.1.8)

Updates `p-debounce` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/sindresorhus/p-debounce/releases)
- [Commits](https://github.com/sindresorhus/p-debounce/compare/v5.0.0...v5.1.0)

Updates `yaml` from 2.8.1 to 2.8.2
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.2)

Updates `@axe-core/playwright` from 4.10.2 to 4.11.0
- [Release notes](https://github.com/dequelabs/axe-core-npm/releases)
- [Changelog](https://github.com/dequelabs/axe-core-npm/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/dequelabs/axe-core-npm/compare/v4.10.2...v4.11.0)

Updates `@testing-library/react` from 16.3.0 to 16.3.1
- [Release notes](https://github.com/testing-library/react-testing-library/releases)
- [Changelog](https://github.com/testing-library/react-testing-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/react-testing-library/compare/v16.3.0...v16.3.1)

Updates `jsdom` from 27.0.0 to 27.4.0
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/27.0.0...27.4.0)

Updates `properties-file` from 3.6.1 to 3.6.3
- [Release notes](https://github.com/properties-file/properties-file/releases)
- [Changelog](https://github.com/properties-file/properties-file/blob/main/CHANGELOG.md)
- [Commits](https://github.com/properties-file/properties-file/compare/3.6.1...3.6.3)

Updates `commander` from 14.0.1 to 14.0.2
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tj/commander.js/compare/v14.0.1...v14.0.2)

Updates `fs-extra` from 11.3.2 to 11.3.3
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/11.3.2...11.3.3)

Updates `simple-git` from 3.28.0 to 3.30.0
- [Release notes](https://github.com/steveukx/git-js/releases)
- [Changelog](https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md)
- [Commits](https://github.com/steveukx/git-js/commits/simple-git@3.30.0/simple-git)

Updates `@octokit/rest` from 22.0.0 to 22.0.1
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v22.0.0...v22.0.1)

Updates `@types/gunzip-maybe` from 1.4.2 to 1.4.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/gunzip-maybe)

Updates `@faker-js/faker` from 10.1.0 to 10.2.0
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](https://github.com/faker-js/faker/compare/v10.1.0...v10.2.0)

Updates `chai` from 6.2.0 to 6.2.2
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](https://github.com/chaijs/chai/compare/v6.2.0...v6.2.2)

Updates `mocha` from 11.7.4 to 11.7.5
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/v11.7.5/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v11.7.4...v11.7.5)

Updates `@rollup/plugin-replace` from 6.0.2 to 6.0.3
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/replace/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/babel-v6.0.3/packages/replace)

Updates `rollup` from 4.52.5 to 4.55.1
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.5...v4.55.1)

---
updated-dependencies:
- dependency-name: "@eslint/eslintrc"
  dependency-version: 3.3.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@eslint/js"
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: eslint-plugin-playwright
  dependency-version: 2.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: lint-staged
  dependency-version: 16.2.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: i18next
  dependency-version: 25.7.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: keycloak-js
  dependency-version: 26.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: lodash-es
  dependency-version: 4.17.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: react-hook-form
  dependency-version: 7.70.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: react-i18next
  dependency-version: 16.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: react-router-dom
  dependency-version: 6.30.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@playwright/test"
  dependency-version: 1.57.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@vitejs/plugin-react-swc"
  dependency-version: 4.2.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: vite
  dependency-version: 7.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: vite-plugin-checker
  dependency-version: 0.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@dagrejs/dagre"
  dependency-version: 1.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: p-debounce
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: yaml
  dependency-version: 2.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@axe-core/playwright"
  dependency-version: 4.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@testing-library/react"
  dependency-version: 16.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: jsdom
  dependency-version: 27.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: properties-file
  dependency-version: 3.6.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: commander
  dependency-version: 14.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: fs-extra
  dependency-version: 11.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: simple-git
  dependency-version: 3.30.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@octokit/rest"
  dependency-version: 22.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@types/gunzip-maybe"
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@faker-js/faker"
  dependency-version: 10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: chai
  dependency-version: 6.2.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: mocha
  dependency-version: 11.7.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@rollup/plugin-replace"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: rollup
  dependency-version: 4.55.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 15:15:40 +00:00
Alexander Schwartz
e43cf55028
Finalizing 26.5 release notes 
Closes #45131

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2026-01-05 14:10:32 +01:00
Pedro Igor
3c0b308bb7
Document limitations when updating workflows 
Closes #45134

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 14:10:03 +01:00
dependabot[bot]
014fae99c4
Bump github/codeql-action (#45141) 
Bumps the actions-dependencies group with 1 update in the / directory: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.31.3 to 4.31.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](014f16e7ab...5d4e8d1aca)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-05 13:04:59 +00:00
Alexander Schwartz
17fb3677a5
Update clients session values to match user session settings 
Closes #45133

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 13:48:00 +01:00
Stian Thorgersen
560e418941
Group only minor/patch updates to deps (#45136) 
Signed-off-by: stianst <stianst@gmail.com>
 2026-01-05 13:46:05 +01:00
Rathan Naik
2af7c843af Fix organization invitation redirect to respect account client base URL 
When an organization's redirect URL is left empty, Keycloak currently defaults
to the account console URL, ignoring the account client's configured Home URL
(base URL). This fix checks the account client's base URL before falling back
to the default account console URL.

Changes:
- Added resolveAccountClientBaseUrl() helper method in OrganizationInvitationResource
- Added setBaseUrl() method to ClientAttributeUpdater test utility
- Added integration tests for the new behavior

Closes #45052

Signed-off-by: Rathan Naik <30756840+Rathan-Naik@users.noreply.github.com>
 2026-01-05 08:58:27 -03:00
Alexander Schwartz
a6bf194487
Remove usage of kcSanitize() to avoid printing HTML (#44755) 
Closes #44753


Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 10:45:32 +01:00
Ryan Emerson
cafa1a86eb
Disable state transfer for session caches when persistent sessions are enabled 
Closes #44518

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 08:53:59 +00:00
Ruchika Jha
60b369c622
Validate client session timeout and lifetime settings on realm settings edit 
Closes #44910

Signed-off-by: Ruchika <Ruchika.Jha1@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 08:50:56 +00:00
Jens Erat
adeb41e82b
Extend documentation on ServiceMonitor creation (#45071) 
The documentation so far only mentions how to disable the ServiceMonitor, leading to the assumption that it is enabled by default.

Getting a service monitor created also requires enabling metrics in keycloak, though:

658faf210f/operator/src/main/java/org/keycloak/operator/controllers/KeycloakServiceMonitorDependentResource.java (L50)

While the missing setting creates a warning, the administrator should already have this information before applying the configuration.

Closes #45070

Signed-off-by: Jens Erat <email@jenserat.de>
 2026-01-05 09:10:18 +01:00
Stian Thorgersen
f2c527239d
Update JNDI reference in LDAP referrals documentation (#45129) 
Clarified the term 'JNDI' in the LDAP referrals section.

Closes #45040
 2026-01-05 09:01:40 +01:00
Steven Hawkins
6dc2e269be
fix: updating owasp.html.sanitizer.version to addresss CVE-2025-66021 
closes #45097

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-05 08:53:00 +01:00
Robin Meese
0d0d468f27
Add ability to delete offline sessions via account console 
Closes #15502

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2026-01-05 08:26:47 +01:00
Weblate (bot)
4349f8ee6a
Translations update from Hosted Weblate (#45089) 
* Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Translated using Weblate (French)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Co-authored-by: Charlie <charlie@mapletree.biz>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Charlie <charlie@mapletree.biz>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Charlie <charlie@mapletree.biz>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Charlie <charlie@mapletree.biz>
 2026-01-02 21:36:51 +01:00
Christian Ja
374e45b883
Use default locale from realm an intermediate fallback 
closes #40990

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-01 14:23:33 +00:00
Robin Meese
35ee49b5d4
Add logout event to UserSessionLimitsAuthenticator 
Closes #44843

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-01 13:22:54 +00:00
Ricardo Noriega
ac557234a2
Fix typos in documentation (#45101) 
Signed-off-by: Ricardo Noriega De Soto <rnoriega@redhat.com>
 2026-01-01 12:13:52 +00:00
Stefan Guilhen
b567372d20 Use KeycloakModelUtils to resolve groups by path 
Closes #45072

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 11:29:43 -03:00
Stefan Guilhen
43634dd2ed Update docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Stefan Guilhen
9865791084 Fix wrong provider references in workflows documentation 
Closes #45077

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Stefan Guilhen
66f3868ccf Suppress the step's priority in the returned workflow JSON/YAML 
Closes #45075

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:26:21 -03:00
Stefan Guilhen
985ec6d306 Add name uniqueness validation to workflows 
Closes #43914

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

# Conflicts:
#	tests/base/src/test/java/org/keycloak/tests/workflow/WorkflowManagementTest.java
 2025-12-29 10:24:56 -03:00
Robin Meese
0957572751
Add logout event to SessionResource 
Closes #44842

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-12-29 12:25:45 +00:00
Muhammed Oğuz
6519142f43
Add missing repeatHelp translation key 
Closes #45085

Signed-off-by: Muhammed Oguz <muhammed0748@outlook.com>
 2025-12-27 18:58:46 +01:00
Weblate (bot)
133b993b01
Translations update from Hosted Weblate (#45056) 
* Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Till Reymann <till.reymann@gmail.com>

* Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Translated using Weblate (Russian)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ru/

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Japanese

Language: ja

Translated using Weblate (Japanese)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ja/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>

* Updated translation for Czech

Language: cs

Translated using Weblate (Czech)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/cs/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Kylián <martin.kylian@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kylián <martin.kylian@gmail.com>

* Updated translation for Spanish

Language: es

Translated using Weblate (Spanish)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/es/

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Co-authored-by: Ariel Anthieni <aanthieni@kan.com.ar>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ariel Anthieni <aanthieni@kan.com.ar>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

* Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Co-authored-by: Charlie <charlie@mapletree.biz>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Charlie <charlie@mapletree.biz>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Martin Kylián <martin.kylian@gmail.com>
Signed-off-by: Ariel Anthieni <aanthieni@kan.com.ar>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Charlie <charlie@mapletree.biz>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Martin Kylián <martin.kylian@gmail.com>
Co-authored-by: Ariel Anthieni <aanthieni@kan.com.ar>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Charlie <charlie@mapletree.biz>
 2025-12-27 18:30:37 +01:00
Bailey Lissington
b1536cf523
fix typo in authentication flows descriptions 
Closes #45066

Signed-off-by: Bailey Lissington <54869395+llamington@users.noreply.github.com>
 2025-12-23 13:40:33 +00:00
Weblate (bot)
658faf210f
Translations update from Hosted Weblate (#44953) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Russian

Language: ru

Translated using Weblate (Russian)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ru/

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Dmitry Mazurov <dimabzz@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Алексей Корн <korn3r@gmail.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Dmitry Mazurov <dimabzz@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Алексей Корн <korn3r@gmail.com>

* Updated translation for Catalan

Language: ca

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jordi Mallach <jordi@mallach.net>

* Translated using Weblate (Czech)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/cs/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Kylián <martin.kylian@gmail.com>
Signed-off-by: Martin Kylián <martin.kylian@gmail.com>

* Updated translation for Spanish

Language: es

Co-authored-by: Ariel Anthieni <aanthieni@kan.com.ar>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ariel Anthieni <aanthieni@kan.com.ar>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Dmitry Mazurov <dimabzz@gmail.com>
Signed-off-by: Алексей Корн <korn3r@gmail.com>
Signed-off-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Martin Kylián <martin.kylian@gmail.com>
Signed-off-by: Ariel Anthieni <aanthieni@kan.com.ar>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Dmitry Mazurov <dimabzz@gmail.com>
Co-authored-by: Алексей Корн <korn3r@gmail.com>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Co-authored-by: Martin Kylián <martin.kylian@gmail.com>
Co-authored-by: Ariel Anthieni <aanthieni@kan.com.ar>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-12-21 22:15:31 +01:00
Stefan Guilhen
e6b2f0dc60
Review workflows test coverage (#45041) 
Closes #42694

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-19 13:06:30 -05:00
Stefan Guilhen
44c492ed97
Add OpenAPI annotations to workflows resources (#45007) 
* feat(openapi): add missing OpenAPI annotations to API methods

Add missing OpenAPI annotations to API methods across the REST services so the generated OpenAPI spec and Swagger UI include the complete API metadata.

Ensures consistent tagging and parameter/response descriptions for admin endpoints.

No behavior change; only adds documentation annotations.

Closes #42695

Signed-off-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>

* Add missing OpenAPI annotations

Closes #42695

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

---------

Signed-off-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: MOUNIAT-1002 <20225680@etud.univ-evry.fr>
 2025-12-19 13:02:23 -05:00
Stefan Guilhen
0d09f755f1
Fix wrong event names in workflows documentation (#45002) 
Closes #45001

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-19 13:01:20 -05:00
Peter Zaoral
7da8a8a2e3
feat: add Windows service support (#44496) 
Closes: #37704

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-12-19 16:55:42 +00:00
Pedro Ruivo
04c0c874f9
Fix testsuite after migration to new testsuite (#45045) 
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-12-19 16:56:12 +01:00
Stian Thorgersen
78274ccc5d
Migrate parts of model package to new test framework (#45024) 
Part of #44983

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-19 14:52:23 +01:00
Steven Hawkins
6bb586e871
fix: updating the health check docs 
closes: #44634

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Klemens Böswirth <23529132+kodebach@users.noreply.github.com>
 2025-12-19 14:31:22 +01:00
Stephan Seifermann
aefecade5c
Client cert lookup provider compliant to RFC 9440 (#36161) 
* Client cert lookup provider compliant to RFC 9440 (#20761)

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>

* Release notes

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-12-19 12:38:54 +01:00
Ricardo Martin
efc75f09b0
Fix link to https://azure.microsoft.com/en-us (#45036) 
Closes #45023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-19 12:27:05 +01:00
Vlasta Ramik
dc6f23146d
Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#loginWithExistingUserWithBruteForceEnabled (#45014) 
Closes #43637

Signed-off-by: vramik <vramik@redhat.com>
 2025-12-19 09:10:12 +00:00
khimportiert
3231c2cba0
Fix German translation placeholder for organization membership title 
Closes #45020

Signed-off-by: khimportiert <khimpaully@gmail.com>
 2025-12-19 08:37:20 +00:00
rmartinc
7be37f1e0d Add webauthn for organization authenticator when org is selected 
Closes #44735

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-19 08:45:10 +01:00
Steven Hawkins
7ecc4c5774
fix: updating test crdtest expectation 
closes: #45017

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-19 08:15:12 +01:00
Martin Kanis
5b437f0a27
Cannot run arquillian testsuite with quarkus-embedded due to dependency conflict (#44991) 
Closes #44990

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-12-18 16:17:34 +00:00
Stian Thorgersen
47c1afde5a
Migrate parts of model package to new test framework (#44988) 
Part of #44983

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-18 16:48:58 +01:00
mposolda
ff1274c07a Mandatory claims are not enforced for OID4VCI 
closes #44796

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-18 16:04:13 +01:00
Pedro Igor
6a437521a9
Only allow LDAP URL references when following referrals (#44993) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2025-12-18 14:27:10 +01:00
Stian Thorgersen
94dc60822b
Update testframework registry to explicitly declare dependencies in all suppliers (#44974) 
Closes #44947, Closes #40756

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-18 14:08:32 +01:00
Pedro Igor
7512a0412b
wip - workflows doc (#44685) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2025-12-18 07:52:41 -05:00
Takashi Norimatsu
ce67ec0d22
MCP Documentation for 26.5 (#44572) 
closes #44571

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-18 13:49:16 +01:00
Pedro Igor
f36819e943
Adding join and leave group steps (#44841) 
Closes #44649

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-18 13:07:23 +01:00
mposolda
08e96435c8 DefaultCryptoSdJwsTest.shouldValidateAgeSinceIssued_IfJwtIsTooOld() sometimes fails in CI 
closes #44971

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-18 10:59:34 +01:00
Marek Posolda
92314bccc6
More capabilities in SdJwtVP API when creating presentations (#44977) 
closes #44976

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-18 10:58:55 +01:00
Marek Posolda
4b68f6998b
Release notes update for Keycloak 26.5 with core-clients related contributions (#44986) 
closes #44192

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-18 10:48:27 +01:00
Giuseppe Graziano
790fb557db
Limit access Token expiration for jwt authorization grant (#44775) 
Closes #43972


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-18 09:21:29 +01:00
forkimenjeckayang
f5a3086027
Use correct parameter for the getCredentialOfferPreflight method (#44931) 
Closes #44742

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-17 18:41:57 +01:00
Pascal Knüppel
b2778a6792
[OID4VCI] Add mapper for mapping unmanaged attributes (#44828) 
closes #44780


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2025-12-17 18:39:00 +01:00
Martin Bartoš
548a89c823
[OTel] Micrometer to OpenTelemetry bridge support for metrics (#41716) 
* [OTel] Micrometer to OpenTelemetry bridge support for metrics

Closes #41006

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Review: Docs rewording

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Review: Make TELEMETRY Option descriptions consistently use OpenTelemetry to reflect pattern established by telemetry-enabled, telemetry-endpoint etc

Signed-off-by: Ryan Emerson <remerson@ibm.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-12-17 17:03:56 +01:00
Lukas Hanusovsky
92849ef5d3
Move AdminClientTest to the new testsuite (#44705) 
* Moving files to the new test suite

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Move AdminClientTest to the new testsuite

Part of: #35040

Signed-off-by: Simon Vacek <simonvacky@email.cz>
Co-authored: Lukas Hanusovsky <lhanusov@redhat.com>

* Refactoring of ManagedCertificates

* Fix compatiblity issue with ManagedCertificates dependency

Signed-off-by: stianst <stianst@gmail.com>

* Fixing trustStrategy for SSLContext truststore.

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Fix FIPS

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Co-authored-by: Simon Vacek <simonvacky@email.cz>
Co-authored-by: stianst <stianst@gmail.com>
 2025-12-17 14:31:22 +00:00
forkimenjeckayang
ca617d9711
[OID4VCI]: Use Keycloak time utility for OID4VC related timestamps (#44871) 
Closes: #44235


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-17 14:58:01 +01:00
Awambeng Rodrick
3218cd1847 Adjust OID4VC request logging verbosity 
- Downgrade request-level INFO logs in the OID4VC issuer flow to DEBUG and log malformed display metadata as WARN instead of INFO to keep lifecycle logs clean.

Closes #44675

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-12-17 14:08:02 +01:00
Stian Thorgersen
aa6890f539
Support running test methods on the server side (#44937) 
Closes #44936

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-17 13:15:42 +01:00
Sebastian Łaskawiec
9597537bf3
Additional fields for the Welcome Resource (#44758) 
* Additional fields added to the Welcome Page

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

* Updated the order of fields

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-12-17 13:11:44 +01:00
Peter Zaoral
7b80e1f7a4
Remove unused azure-credentials input from azure-create-database action (#44958) 
Closes: #44956

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-12-17 12:48:14 +01:00
Ryan Emerson
9f6b8159ec
Create a LocalCacheProvider SPI (#44950) 
Closes #42223

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-12-17 12:46:05 +01:00
Martin Kanis
012cefb654 The existence of an organization attribute called id is not validated 
Closes #44522

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-12-17 08:05:32 -03:00
Xabi
bf18942c34
Basque (eu) translation (#44916) 
* Add Basque translations for login messages

Added Basque language translations for login messages.

Signed-off-by: Xabi <xezpeleta@gmail.com>

* Add Basque email messages for notifications

Signed-off-by: Xabi <xezpeleta@gmail.com>

* Create Account messages basque translation

Add Basque language translations for account messages.

Signed-off-by: Xabi <xezpeleta@gmail.com>

* Add Basque localization for admin messages

Added various error messages and validation prompts in Basque for password policies, LDAP configurations, client redirect URIs, and other client-related settings.

Signed-off-by: Xabi <xezpeleta@gmail.com>

* Add Basque localization for account messages

Introduced a new properties file containing Basque translations for various account-related messages, including error prompts, user interactions, and notifications.

Signed-off-by: Xabi Ezpeleta <xezpeleta@gmail.com>

* Add Basque localization for admin messages

Introduced a new properties file containing Basque translations for various admin-related messages, including user management, permissions, and notifications.

Signed-off-by: Xabi Ezpeleta <xezpeleta@gmail.com>

* Add Basque localization for various themes

Updated theme properties files to include Basque translations for account, admin, email, and login messages, enhancing multilingual support across the application.

Signed-off-by: Xabi Ezpeleta <xezpeleta@gmail.com>

* Add Basque localization for admin messages (work-in-progress)

Signed-off-by: Xabi Ezpeleta <xezpeleta@gmail.com>

---------

Signed-off-by: Xabi <xezpeleta@gmail.com>
Signed-off-by: Xabi Ezpeleta <xezpeleta@gmail.com>
 2025-12-17 11:47:55 +01:00
Pedro Ruivo
ba495d1ab1
Remote Infinispan should return count per client only for the current realm (#44948) 
Closes #44577

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-12-17 07:40:49 +01:00
Vlasta Ramik
ab546c9184
Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP (#44945) 
Closes #43973

Signed-off-by: vramik <vramik@redhat.com>
 2025-12-16 14:58:53 -05:00
Steven Hawkins
148d14816c
fix: allowing settable connection request timeout (#44592) 
also defaulting to 5000

closes: #44500

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 16:35:01 +00:00
Steven Hawkins
5bf740e383
fix: preventing raw stacktrace response and error log (#44815) 
closes: #44712

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 15:28:29 +01:00
rmartinc
40eb51f10c Add timeout option for keycloak-admin-client 
Closes #42644

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-16 14:49:35 +01:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765) 
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-12-16 14:46:17 +01:00
Stian Thorgersen
5ae60f3513
Fix NPE in JWT authenticators (#44941) 
Closes #44940

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-16 14:41:14 +01:00
Weblate (bot)
33e3e680be
Translations update from Hosted Weblate (#44766) 
* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Turkish

Language: tr

Translated using Weblate (Turkish)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/tr/

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Translated using Weblate (German)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/de/

Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jordi Mallach <jordi@mallach.net>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Czech

Language: cs

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Kluska <martin@kluska.cz>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kluska <martin@kluska.cz>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Co-authored-by: DeathGun5201 <3124836676@qq.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: DeathGun5201 <3124836676@qq.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Martin Kluska <martin@kluska.cz>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: DeathGun5201 <3124836676@qq.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Co-authored-by: Martin Kluska <martin@kluska.cz>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: DeathGun5201 <3124836676@qq.com>
 2025-12-16 14:01:38 +01:00
Awambeng Rodrick
a1bffa3ddc Add spec-compliant jwt vc issuer well-known endpoint 
- expose /.well-known/jwt-vc-issuer/realms/{realm} and keep legacy route with deprecation headers
- build consumer metadata URL per draft-ietf-oauth-sd-jwt-vc-13 and add realm-path coverage
- add integration test for new path plus deprecation headers on legacy endpoint

Closes #44256

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-12-16 13:46:06 +01:00
Ogen Bertrand
741c0ad959
[OID4VCI] Expose advanced realm-level OID4VCI settings in the Admin UI (#44615) 
closes #43900


Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
 2025-12-16 12:54:12 +01:00
forkimenjeckayang
2f7045d7dd
Remove deferred credential endpoint from OID4VC metadata (#44907) 
Closes #44779

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-16 12:50:12 +01:00
Robin Meese
ae853466fa
remove "createFlowHelp" key from I18n 
Closes #44925

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-16 10:53:17 +00:00
Robin Meese
c8983e0388
Improve grammar on keys and remove unused 
Closes #44927

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-16 10:43:45 +01:00
Stian Thorgersen
6bcbd5ab59
Clear classes loaded on the server side for run-on-server when a new execution happens (#44909) 
Closes #44908

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-16 10:25:39 +01:00
Stan Silvert
6b300833e2 Enable workflows feature for Admin UI E2E 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-12-16 08:18:19 +01:00
Martin Bartoš
917fb86438
[docs] Remove paragraph about Quarkus OTel logging guide reference (#44911) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-15 19:43:08 +01:00
Lukas Hanusovsky
e8c6a7b98d
[Test Framework] Migrate initial WebAuthn setup + WebAuthnRegisterAndLoginTest. (#44016) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-12-15 15:01:42 +01:00
Martin Bartoš
29fdcedbc8
[OTel] Introduce preview support for OpenTelemetry Logs (#41265) 
Closes #41264

Co-authored-by: Ryan Emerson <remerson@redhat.com

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-15 10:50:30 +01:00
Stian Thorgersen
ab9c6e36ee
Remove legacy/jakarta Undertow as we only need one, and upgrade to the latest to fix CVEs (#44901) 
Closes #44814

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-15 10:39:19 +01:00
Pedro Igor
5833252872 Fixing error when importing realm 
Closes #44882

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-15 10:33:27 +01:00
Václav Muzikář
da6c4df5ec
Support EDB 18 (#44856) 
* Support EDB 18

Closes #44494

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Update test-framework/db-edb/container/README.md

Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-12-15 07:36:26 +01:00
Stefan Guilhen
22c144dd30 Rename workflow events 
- USER_ADDED -> USER_CREATED
- USER_ROLE_ADDED -> USER_ROLE_GRANTED
- USER_ROLE_REMOVED -> USER_ROLE_REVOKED

Closes #44879

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-12 14:15:24 -03:00
Stefan Guilhen
7858e6ff6b Change workflow condition grammar to accept the token 'not' as the negation operator instead of '!' 
Closes #44880

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-12 13:31:55 -03:00
Stefan Guilhen
0fc9650acc Set Workflows as tech preview 
Closes #44881

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-12 13:05:59 -03:00
stianst
a07500045f Move workflow tests out of admin package 
Closes #44847

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-12 11:54:58 -03:00
Awambeng
af8e905774
refactor(oid4vc): remove notification ID handling and related endpoint (#44844) 
Closes #44802


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-12-12 14:38:01 +01:00
Pedro Igor
0419d6711f Workflow database queries not filtering based on the realm 
Closes #44858

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-12 09:40:17 -03:00
Pedro Igor
84a0324d60 Adding grant and revoke role steps 
Closes #44648

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-12 09:38:39 -03:00
Pedro Igor
138d1e0588 Allow restarting the step chain at a specific position 
Closes #44789

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-12 09:38:01 -03:00
Stian Thorgersen
0e0534697e
Remove Log4j from parent pom (#44845) 
Closes #27932

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-11 16:03:06 +01:00
Alexander Schwartz
3bd33528f3
Avoid flushing user information in batch mode 
Closes #44787

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-11 14:02:45 +01:00
Ruchika Jha
26fe8dc7d8
Added validation for client session timeout post comparing the realm session timeouts 
Closes #41019

Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-11 13:58:04 +01:00
Pedro Ruivo
2feb158554
ProtoStream marshaller for lambas 
Closes #44811

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-12-11 12:47:27 +01:00
Stian Thorgersen
421abedaa4
Remove log4j 1.x from Arquillian testsuite (#44827) 
Closes #44555

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-11 11:31:11 +00:00
Christian Ja
4e01d85772
Add configurable SMTP timeouts (#43594) 
* Add configurable SMTP timeouts

closes #35836 #14509

Signed-off-by: Christian Janker <christian.janker@gmx.at>

* Allow setting SMTP timeout in realm settings

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-11 11:19:09 +00:00
Giuseppe Graziano
c0c4067bdd JWT Authorization Grant feature to preview 
Closes #44492

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-11 10:37:30 +01:00
Stian Thorgersen
2f1628d1a9
Remove log4j 1.x from testsuite/model 
Closes #44554

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-11 10:23:03 +01:00
Stian Thorgersen
058200062c
Disable TiDB testing in GitHub Actions 
Closes #44829

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-11 10:20:28 +01:00
Stian Thorgersen
5653b37e8e
Apply Spotless to docs, distribution, and operator (#44826) 
Closes #44367

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-11 08:50:54 +01:00
Stian Thorgersen
ed69f65a9c
Remove jpa-performance 
Closes #44812

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-10 23:16:47 +00:00
Stan Silvert
2e66f5c56c
UI tests for workflows 2025-12-10 19:13:23 -03:00
Stian Thorgersen
7eb3b693b2
Remove log4j 1.x from testsuite/utils 
Closes #44557

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-10 20:08:03 +00:00
Stian Thorgersen
d25a731ae5
Fix Chrome and Firefox in new test framework on GitHub Actions (#44804) 
Closes #44776

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-10 12:22:47 -03:00
Stian Thorgersen
d9aa424d51
Remove log4j 1.x from util/embedded-ldap (#44806) 
Closes #44556

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-10 16:02:55 +01:00
Alexander Schwartz
1231590a52
Avoid lookup of existing workflow instances when not needed 
Closes #44791

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-10 11:53:50 -03:00
PavlNekrasov
1d16429530 Handle RuntimeException thrown in SAMLParser.parse() 
Signed-off-by: PavlNekrasov <95914807+PavlNekrasov@users.noreply.github.com>
 2025-12-10 13:04:04 +01:00
Martin Bartoš
8def691053
[OTel] Provide general options for telemetry settings (#41705) 
* [OTel] Provide general options for telemetry settings

Closes #41263

Co-authored-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/observability/telemetry.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Provide release notes and deprecation note

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Ignore link to the telemetry guide for now

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-12-10 12:03:46 +00:00
forkimenjeckayang
be22a4bd62
[OID4VCI] Fix OID4VC wallet interoperability issues (#44682) 
closes #44736


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-10 12:08:01 +01:00
Marek Posolda
f641269ac1
CredentialRequest with credentialIdentifier does not work when creden… (#44794) 
closes #44793


Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-10 12:02:52 +01:00
Christian Glasmachers
921b10ee80
Login failure cache: Evict entries after the configured failure reset time 
Closes #44801

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-12-10 11:20:19 +01:00
Martin Kanis
ef011ea4d2
Fix compilation error in AbstractUserTest after merging #43620 (#44777) 
Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-12-09 13:57:46 +01:00
Martin Kanis
5ee4cb5157
Fix for missing object representation in admin event log when deleting user, group, client (#43620) 
* Fix for missing object representation in admin event log when deleting user, group, client

Closes #33009

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>

* Fix issues and add role representation when deleting a role

Closes #33009

Signed-off-by: Martin Kanis <mkanis@redhat.com>

---------

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: jwozniakowski <wozniakowski@netguardians.ch>
 2025-12-09 12:32:18 +01:00
rmartinc
c9686cc040 Documentation for JWT Authorization Grant 
Closes #44136

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-09 12:13:21 +01:00
rmartinc
43c1a169e4 Manage service accounts when updating a client using registration 
Closes #44257

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-09 12:11:11 +01:00
Pedro Igor
590538c99d
Wrong keycloak session when restarting workflows 
Closes #44756

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-09 10:17:28 +01:00
Weblate (bot)
96b92b1c70
Translations update from Hosted Weblate (#44652) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Translated using Weblate (Romanian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ro/

Updated translation for Romanian

Language: ro

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-12-09 10:15:44 +01:00
Stefan Guilhen
21eeb95fbc Rename workflow event USER_LOGGED_IN to USER_AUTHENTICATED 
Closes #44717

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-08 19:00:25 -03:00
Ricardo Martin
93812a6e14
Enable unit tests for keycloak-admin-client 
Closes #44268

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-08 18:14:13 +01:00
Pedro Igor
89a8cddfd6
Make sure group permissions on view scope are not processed when querying users 
Closes #44329

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
 2025-12-08 14:39:40 +01:00
vramik
5dbc91e028 Deprecate Fine-Grained Admin Permissions v1 
Closes #44121

Signed-off-by: vramik <vramik@redhat.com>
 2025-12-08 10:26:27 -03:00
Stefan Guilhen
fe3507b251 Promote workflows to supported state 
Closes #43492

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-08 10:06:40 -03:00
Stefan Guilhen
484980dbbe Add API method to allow activating a workflow for all eligible resources 
Closes #44643

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-08 09:45:45 -03:00
Alexander Schwartz
2f81a2fb76
Updating and ordering the release notes 
Closes #44706

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-08 10:55:33 +01:00
mposolda
3e001a378f Credential offer endpoint has parameter user_id, but expects username 
closes #44642

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-08 10:42:35 +01:00
alyneldc
56b08c02ed
Add documentation warning about 0.0.0.0 binding in dev mode (#43522) 
Inform users that Keycloak binds to all network addresses (0.0.0.0) by default in development mode. Add warning in Getting Started guide and configuration documentation, and enhance HttpOptions description.

Closes #43522

Signed-off-by: Lopes De Carvalho Alyne <alynelopes298@gmail.com>
 2025-12-07 14:45:34 +00:00
Tim Hallmann
b90e95d878
fix(theme): close form tag in link-idp-action.ftl 
Closes #44725

Signed-off-by: Tim Hallmann <t.hallmann@fz-juelich.de>
 2025-12-06 20:54:47 +00:00
Marek Posolda
11210743f7
Arquillian tests fails when running from Intellij Idea 
closes #44713

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-06 21:44:11 +01:00
Pedro Igor
985777ebcc
Improvements to the notify step 
Closes #44708

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-05 18:58:03 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471) 
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
 2025-12-05 16:00:32 +01:00
Giuseppe Graziano
b39231fab8 Fix alias edit in JWT Authorization Grant idp 
Closes #44702

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-05 15:33:36 +01:00
Stefan Guilhen
b14d00e08f Improve workflow concurrency settings 
- allow restarting based on events
 - allow cancelling based on events

Closes #44645

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-05 11:28:18 -03:00
Sebastian Schuster
b5178a2bec
Added section on recommended isolation level to db guides 
Closes #44611

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-05 14:48:31 +01:00
Martin Bartoš
52bf0face3
ModelTests are broken after consolidating config logic 
Closes #44700

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-05 11:27:18 +00:00
Steve Hawkins
25186278fc fix: consolidating config logic 
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-04 14:25:56 -03:00
forkimenjeckayang
3099cc2294
[OID4VCI]: Add UI for OID4VCI Protocol Mapper Configuration (#44390) 
Closes: #43901


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 14:18:37 +01:00
Ricardo Martin
44cf6d6808
Move link changed for developer.mozilla.org 
Closes #44661

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-04 10:21:52 +01:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes (#44439) 
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 09:03:38 +01:00
Robin Meese
25cbc45002
Add Romanian to account, admin, email, login properties 
Closes: #44543

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-12-04 08:50:10 +01:00
dependabot[bot]
91f425e74f Bump vite from 7.1.10 to 7.1.11 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.10 to 7.1.11.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.11/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.11
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-03 13:56:34 -03:00
Martin Bartoš
bf969b7e9d
[admin-api-v2] Remove GlassFish Expressly dependency for Hibernate Validator (#44628) 
Closes #43569

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-03 14:18:17 +00:00
Stefan Guilhen
65ab7f541d Add API method that fetches the scheduled workflow steps for a resource 
Closes #43660

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-03 11:09:55 -03:00
Weblate (bot)
6fa890fd87
Translations update from Hosted Weblate (#44561) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Till Reymann <till.reymann@gmail.com>

* Updated translation for Russian

Language: ru

Co-authored-by: Eugene Pasternak <pasternake@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Eugene Pasternak <pasternake@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Translated using Weblate (Romanian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ro/

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>

* Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jordi Mallach <jordi@mallach.net>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

* Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Translated using Weblate (Chinese (Simplified Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hans/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Nagi <nagi@mptree.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Nagi <nagi@mptree.com>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Eugene Pasternak <pasternake@gmail.com>
Signed-off-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Nagi <nagi@mptree.com>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Co-authored-by: Eugene Pasternak <pasternake@gmail.com>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Nagi <nagi@mptree.com>
 2025-12-03 14:09:50 +01:00
Giuseppe Graziano
50179d165c Fix compilation failure in JWTAuthorizationGrantJWTClaimsClientPoliciesTest 
Closes #44626

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-03 08:16:35 -03:00
Ricardo Martin
f91363d12d
Improve Public Key Management for JWTAuthorizationGrant identity provider 
Closes #44243

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 11:45:34 +01:00
mposolda
9c6a6276e4 Polishing of sd-jwt SDK builder related methods 
closes #44532

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-03 11:09:08 +01:00
Martin Bartoš
5828fab258
[admin-api-v2] Incorrect DTO/DAO mapping (#44587) 
* [admin-api-v2] Incorrect DTO/DAO mapping

Closes #44586

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Handle roles and service account operations, cleanup service contract

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-03 09:41:18 +01:00
rmartinc
ae7e7ba084 New Identity Provider condition for client policies 
Closes #44442

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 08:50:31 +01:00
Robin Meese
a9c1bcc9bd
Add zh_Hans translators to docs/translation.md (#44610) 
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>

Closes #44609
 2025-12-02 20:50:22 +01:00
Martin Bartoš
265c27e08d
[admin-api-v2] Create client does not return 201 status code (#44541) 
Closes #44540

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-02 10:39:03 +01:00
Keshav Deshpande
cab11cf811
Default values for request obj (#44177) 
* Default values for request obj

Closes #43034

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>

* Format the lint

Closes #43034

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>

* Remove attribute conversion

Closes #43034

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>

* Remove added newline

Closes #43034

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>

---------

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
 2025-12-01 16:08:46 -05:00
Stefan Guilhen
a2562caa11 Cache expression EvaluatorContext in the workflow component model's notes 
Closes #42961

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 14:29:08 -03:00
forkimenjeckayang
5ae0e0a645
[OID4VCI] Add Essential OID4VCI Client Scope Configuration Fields to Admin UI (#44389) 
Closes: #43902


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-01 15:45:34 +01:00
Martin Bartoš
9a6a7d98b1
[admin-api-v2] Cloud Native team as a code owner for Client API v2 (#44576) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-01 15:24:21 +01:00
Pascal Knüppel
9b870d3d8a
Fix ClassCastException on mixing AddressMapper with ClaimsMapper (#44457) 
closes #44455


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-12-01 14:55:44 +01:00
Stefan Guilhen
cd350082f7 Ensure workflow is only restarted on events that match the activation condition 
Closes #44399

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:53:59 -03:00
Stefan Guilhen
6653b72f88 Ensure delete step is triggering UserRemovedEvent 
Closes #44398

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:52:40 -03:00
Stefan Guilhen
be714d935d Ensure GroupMemberLeaveEvent has a reference to the user leaving the group 
Closes #44400

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:46:43 -03:00
Stefan Guilhen
3e312d91d8 Ensure null values are not serialized when fetching workflows in YAML format 
Closes #44396

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:45:35 -03:00
Pedro Igor
3ec0dd24fe
Avoid multiple calls to LDAP when querying group memberships 
Closes #44558

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-12-01 14:01:58 +01:00
PavlNekrasov
a92221ba38
Fix NPE when importing SAML EntityDescriptor without SPSSODescriptor (#44431) 
closes #44430


Signed-off-by: PavlNekrasov <95914807+PavlNekrasov@users.noreply.github.com>
 2025-12-01 12:45:35 +01:00
Giuseppe Graziano
2b4855ff97
Executor for checking claims in JWT assertions (#44537) 
Closes #4443


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-01 11:07:42 +01:00
Pedro Igor
9abe18e86e
Manual sync not executed because of the last sync time 
Closes #44552

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-28 19:45:17 +01:00
Pedro Ruivo
b35dd72392
User session deleted events for invalid sessions 
Closes #44513

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-28 15:43:59 +00:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-11-28 14:24:32 +01:00
stianst
f6676ccd76 Migrate i18n package to new testsuite 
Closes #44520

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-28 08:56:11 -03:00
Hisanobu Okuda
efa881d016
Add MariaDB to MySQL description and specify SQL to support UTF-8 
Closes #44548

Signed-off-by: Hisanobu Okuda <hisanobu.okuda@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-28 11:03:11 +01:00
Weblate (bot)
b6309afd66
Translations update from Hosted Weblate (#44483) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Czech

Language: cs

Updated translation for Czech

Language: cs

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Peter Schiffer <peter@pschiffer.eu>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Peter Schiffer <peter@pschiffer.eu>

* Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: henkjan <henkjan@agteresch.nl>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: henkjan <henkjan@agteresch.nl>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Peter Schiffer <peter@pschiffer.eu>
Signed-off-by: henkjan <henkjan@agteresch.nl>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Peter Schiffer <peter@pschiffer.eu>
Co-authored-by: henkjan <henkjan@agteresch.nl>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-11-28 10:51:51 +01:00
Marek Posolda
38768819e1
Make sure that signature validation possible to configure for OIDC id… (#44516) 
closes #44473


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2025-11-28 08:51:20 +01:00
Martin Bartoš
427d0f181f
Be more explicit when executing individual tests for Admin UI tests (#44499) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-28 08:12:37 +01:00
Pedro Ruivo
3ed15e740a
Add new option to schedule user session expiration 
Closes #44068

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-11-27 23:01:32 +01:00
Thomas Diesler
54bf9206b2
[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255) 
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-27 16:07:10 +01:00
mposolda
bf23259c0f Removing SdJwtFacade 
closes #44525

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-27 14:19:27 +01:00
Steven Hawkins
f7a0bb7cbd
fix: rationalizing cli using hidden options vs hard errors (#43945) 
closes: #43940

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-27 11:43:08 +01:00
Alexander Schwartz
39d1fa2825
Escape passkeys descriptions and labels depending on the context 
Closes #44387

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-27 11:16:21 +01:00
Alexander Schwartz
f3cd38219a
Use central method to create a DocumentBuilder for SAML 
Closes #44486

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-27 11:11:49 +01:00
Alexis Rico
b0b38176f0
Manage Organization Invites 
Closes #38809

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-27 10:28:52 +01:00
resah
0b3d928ae2
fix: handle localized date formatting in message format 
Closes #44377

Signed-off-by: Theresa Henze <theresa.henze@bare.id>
 2025-11-27 10:05:49 +01:00
Pedro Igor
96aea99d6c
Make sure LDAP sync runs in a single cluster node and respecting the configured period 
Closes #43752

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-27 08:08:20 +01:00
vramik
7167262909 Add PK creation for databasechangelog in MySQL to keycloak-database-update.sql when manual migration is used. 
Closes #44349

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-26 17:06:36 -03:00
Stian Thorgersen
33b6065c2a
Introduces a ManagedWebDriver to provide a single entry point for utilities around WebDriver 
This will make it easier to discover various utilities without having to find static methods in various classes; and will also provides us with a wrapper around Selenium where we can add any tweaks needed. It is also now possible to construct a page instance without injection using `page().createPage(MyPage.class)`

Closes #44464

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 15:20:23 +01:00
mposolda
cbb823bc0e Make sd-jwt key binding verification work with EdDSA keys 
closes #44369

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-26 14:44:29 +01:00
rmartinc
d0e4d1f620 Better events for jwt-bearer and check all details in the tests 
CLoses #44137

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-26 12:09:51 +01:00
Alexander Schwartz
2210b1ed50
Avoid un-escaped strings in the login templates for HTML entities 
Closes #44296

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-26 07:55:35 -03:00
Stian Thorgersen
a8d4336da6
Migrate transactions package to new testsuite 
Closes #44460

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 10:57:19 +01:00
Alexander Schwartz
37f2488441
When joining a group, don't rely on cached values if user has already been updated 
Closes #44480

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-26 10:52:14 +01:00
Stian Thorgersen
2acfd41b19
Stop looking up client in ClientAssertionState to prevent lookup by clientId in federated client authentication (#44448) 
Closes #44447

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 06:31:05 +01:00
ruchikajha95
570ac40025
Promote MDC Logging Feature to Supported State 
Closes #41205

Signed-off-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-25 18:53:34 +00:00
Weblate (bot)
8a9e585899
Update translation files (#44444) 
Updated by "Cleanup translation files" hook in Weblate.

Signed-off-by: Hosted Weblate <hosted@weblate.org>
 2025-11-25 18:24:41 +01:00
Giuseppe Graziano
b323fea8bc Always allow to setup JWKS URL in oidc idp 
Closes #44217

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-25 17:09:13 +01:00
dawg
d5a507e90d
fix #43819 - partial import fails to overwrite existing groups (#43924) 
* fix #43819 - partial import fails to overwrite existing groups

- when removal is delayed until insertion of the newly imported group
  this causes a duplicate key constrain violation (`Key (realm_id, parent_group, name)`)
- fixed by flushing group removals

Signed-off-by: Martin Nowak <code@dawg.eu>

* adding a test and using a general fix

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/partialimport/PartialImportManager.java

---------

Signed-off-by: Martin Nowak <code@dawg.eu>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-25 16:17:51 +01:00
Martin Söderström
b57c0d2f88
Fix race condition in SAML DocumentBuilderFactory creation 
Closes #44438

Signed-off-by: martins <martin.soderstrom@aurorainnovation.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-25 13:01:42 +00:00
Ryan Emerson
c5427b3e5f
Add debug logging to keycloak_ec2_installer ansible-playbook 
Closes #44327

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-11-25 13:09:14 +01:00
Stian Thorgersen
63c7cc7381
Delete MetricsRestServiceTest 
Closes #44451

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-25 12:21:29 +01:00
Thomas Diesler
39264edf3f [OID4VCI] Fix deprecated realm-scoped well-known endpoint access 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-25 12:19:17 +01:00
Ryan Emerson
ebd4a6936a
Utilise community wording in downstream high-availability guides 
Closes #4428

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-25 09:10:21 +00:00
rmartinc
5ab371f1ff Use PrivateKey directly when decrypting SAML 
Closes #44289

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-25 09:11:05 +01:00
Weblate (bot)
74033d3108
Translations update from Hosted Weblate (#44372) 
* Updated translation for Turkish

Language: tr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for German

Language: de

Updated translation for German

Language: de

Updated translation for German

Language: de

Updated translation for German

Language: de

Updated translation for German

Language: de

Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Till Reymann <till.reymann@gmail.com>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-11-24 21:31:50 +00:00
Nagi
1d0806e688
Reorder translation keys for zh_Hans 
Reorder the translation keys in zh_Hans messages to keep the key order align
with en messages.

Closes #44440

Signed-off-by: Nagi <nagi@mptree.com>
 2025-11-24 21:10:29 +01:00
Pedro Ruivo
f7ee930a27
Remove remote call when handling events) 
Closes #44048

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-24 18:45:00 +00:00
rmartinc
ca205272ba Initial integration of the JWT Authorization Grant in client Policies 
Using the downscope executor for testing
Closes #44201

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-24 19:37:07 +01:00
Stan Silvert
fc67e54fde Fix NPE 
Fixes #44278

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-24 16:36:05 +01:00
vramik
0825f22331 Add toPredicate implementation for conditions 
Closes #42696

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-24 08:56:36 -03:00
mposolda
49b694bf0a Compilation failure in OID4VCTimeNormalizationSdJwtTest 
closes #44419

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-24 08:39:09 -03:00
Awambeng
8406cf34fb
[OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834) 
Closes #43399


Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-11-24 11:07:07 +01:00
Pascal Knüppel
64d5e1a3d5
[OID4VCI] Redesign SDJwt API and handle keybinding JWT (#44227) 
closes #42091


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2025-11-24 11:01:19 +01:00
Sebastian Łaskawiec
081d8e5a01
Move Kubernetes IdP to preview 
Closes #42947

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-22 12:56:09 +01:00
Stian Thorgersen
2a78bc67d7
Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
vramik
091b57c1e4 Flaky test: org.keycloak.testsuite.account.AccountRestServiceTest#listApplicationsWithoutPermission 
Closes #43755

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-21 15:05:41 -03:00
Steven Hawkins
3b491bc9bf
fix: removing the keycloak hidden option for disabling http server (#44388) 
closes: #43199

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-21 17:37:52 +00:00
Peter Zaoral
4e5f9acac7
Add CI tests for Azure SQL Database 
Closes: #42986

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-11-21 14:42:28 +00:00
Stian Thorgersen
2c21d1b5c9
Schedule nightly runs to after nightly release (#44381) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-11-21 13:26:16 +01:00
Alexander Schwartz
bb971dc6fc
Efficient row-count on PostgreSQL 
Closes #44057

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-21 12:28:09 +01:00
Alexander Rasmussen
99aad0741a
Fix logical error in Danish email verification message 
Added missing 'ikke' (not) to correctly instruct users to ignore
  the email if they did NOT create the account.

Fixes #44342

Signed-off-by: Alexander Rasmussen <a-m-h-r@hotmail.com>
 2025-11-21 10:47:31 +00:00
Weblate (bot)
3d2ae27ae3
Translations update from Hosted Weblate (#44306) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Till Reymann <till.reymann@gmail.com>

* Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

* Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Translated using Weblate (Chinese (Simplified Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hans/

Translated using Weblate (Chinese (Simplified Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hans/

Translated using Weblate (Chinese (Simplified Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hans/

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Updated translation for Chinese (Simplified Han script)

Language: zh_Hans

Translated using Weblate (Chinese (Simplified Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hans/

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Charlie <charlie@mapletree.biz>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Nagi <nagi@mptree.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Charlie <charlie@mapletree.biz>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Nagi <nagi@mptree.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Till Reymann <till.reymann@gmail.com>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Charlie <charlie@mapletree.biz>
Signed-off-by: Nagi <nagi@mptree.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Till Reymann <till.reymann@gmail.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Charlie <charlie@mapletree.biz>
Co-authored-by: Nagi <nagi@mptree.com>
 2025-11-21 09:45:49 +01:00
Pedro Ruivo
2dccc0bf37
Operator Update Logic: add hash based comparison (#44332) 
* Operator Update Logic: add hash based comparation

Fixes #44280

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>

* refinements to the update logic

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-20 12:35:38 -05:00
Rahul Jain
61b1e53eee
Bump Quarkus to 3.27.1 LTS (#44348) 
Closes #43642
Signed-off-by: Rahul Jain <jainrahul0311@gmail.com>
 2025-11-20 15:36:23 +01:00
Martin Bartoš
a71ceee8f1
[Docs] Warn users about printing headers in HTTP access logs (#44353) 
Closes #43156

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-20 14:48:01 +01:00
Peter Zaoral
0e959ad89e
Delete operation for Client v2 (#44335) 
Closes: #43291

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-11-20 12:12:33 +01:00
ruchikajha95
dc62067cfe
Detailed how to skip test while building keycloak 
Closes #44338

Signed-off-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-20 11:29:56 +01:00
Steven Hawkins
8ae3750348
fix: switching to Boolean instead of boolean (#44340) 
closes: #38843

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-20 08:53:28 +01:00
schnillerman
4e87b1f5a0
Fix grammar in LDAP federation group mapper 
Closes #44341

Signed-off-by: schnillerman <till.reymann@gmail.com>
 2025-11-19 23:11:24 +00:00
Pedro Ruivo
13ef89664c
More accurate user session expiration logic 
Closes #44204

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-19 21:06:17 +01:00
Stian Thorgersen
271fdfcf0f
Restore KeycloakServerConfigBuilder to use single --features and --features-disabled arguments (#44322) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-11-19 20:45:06 +01:00
Stian Thorgersen
c089a3a6fe
Add support to use kcw with remote test server 
Closes #44312

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-19 20:43:42 +01:00
Carlos Rodríguez Hernández
2a876c143f
Add support for PostgreSQL 18 (#44288) 
Signed-off-by: Carlos Rodríguez Hernández <carlos.rodriguez-hernandez@broadcom.com>
 2025-11-19 11:39:36 +01:00
Giuseppe Graziano
3e8b2f8ab7
New JWT Authorization Grant Identity provider (#44176) 
Closes #43570

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-19 09:18:23 +01:00
Steven Hawkins
731414e44a
fix: reverting dev property key changes (#44293) 
closes: #44287

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-19 07:35:50 +01:00
Pedro Ruivo
febb632e17
Update protolock file list 
Closes #44300

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-18 18:01:12 +00:00
Weblate (bot)
55091f977f
Translations update from Hosted Weblate (#44226) 
* Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Czech

Language: cs

Updated translation for Czech

Language: cs

Updated translation for Czech

Language: cs

Updated translation for Czech

Language: cs

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Kluska <martin@kluska.cz>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kluska <martin@kluska.cz>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kluska <martin@kluska.cz>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Martin Kluska <martin@kluska.cz>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-11-18 18:35:21 +01:00
Jon Koops
f7e4b78f1d Prevent slash duplication in request URLs 
Closes #44269

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-11-18 15:44:40 +01:00
mposolda
68cfb8d720 Fix flaky test ClientAuthSignedJWTTest.testClientWithGeneratedKeysJKS 
closes #43713

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-18 11:52:01 +01:00
Awambeng Rodrick
97ae31dfe3 fix(admin-ui): allow assignment of OID4VCI client scopes to clients 
Closes #43899

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Address @forkimenjeckayang review comments

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Address @IngridPuppet review comments

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Address @IngridPuppet review comments

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

fix lint error

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-11-18 11:25:23 +01:00
rmartinc
f0f776e5c8 Fix for WebAuthnSigningInTest WebAuthn test 
Closes #43477

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-18 11:02:13 +01:00
Peter Zaoral
b9d94d325b
Remove JSON Patch support from the Client API v2 MVP (#44120) 
Closes: #43572

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-11-18 09:42:10 +00:00
Marek Posolda
a4c583246d
Use the unified constants class for sd-jwt/oid4vc standard data and claims (#44153) 
closes #44152

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-18 10:41:04 +01:00
Steven Hawkins
8ee23aaa15
fix: simplifying addResources (#44046) 
closes: #44045

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-18 09:29:50 +01:00
Alexander Schwartz
15a9a36569
Align formatting of referenced RFCs 
Closes #44246

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-11-17 21:30:13 +01:00
Stan Silvert
0b2d673cb7 Add quotes to payload when adding user to organization. 
Fixes #43812

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-17 10:05:58 -03:00
Stefan Guilhen
464d1a6741 Improve updating existing workflows 
- allow updating entire workflow when no scheduled tasks exist
- allow updating conditions, concurrency, and steps config when scheduled tasks exists

Closes #42618

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-17 09:10:29 -03:00
Alexander Schwartz
167249dd6c
Updating the specifics around kubernetes service accounts 
Closes #44064

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-17 11:23:39 +01:00
Stian Thorgersen
c284f9ae66
Rename ApiUtil to AdminApiUtil (#44224) 
Closes #44196

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:52:04 +01:00
Stian Thorgersen
b7815190a2
Merge GenerateKeystoreForTestUtil with CryptoKeyStore (#44223) 
Closes #44195

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:51:45 +01:00
Stian Thorgersen
f6702decc0
JWK Algorithm Key Pair support (#44203) 
Closes #44141

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:51:08 +01:00
dependabot[bot]
10f3feeee6
Bump the actions-dependencies group with 3 updates (#44245) 
Bumps the actions-dependencies group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [github/codeql-action](https://github.com/github/codeql-action) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/upload-artifact` from 4.6.2 to 5.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](ea165f8d65...330a01c490)

Updates `github/codeql-action` from 4.30.8 to 4.31.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f443b600d9...014f16e7ab)

Updates `actions/download-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](634f93cb29...018cc2cf5b)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-dependencies
- dependency-name: actions/download-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-17 07:47:42 +01:00
Pedro Ruivo
6260622f2e
Find highest sequence number in jgroups_ping 
* Find the highest sequence number in jgroups_ping table to avoid duplicates

Fixes #44189

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-14 20:54:52 +01:00
Pedro Ruivo
8d0b64bd59
Deprecate TopologyInfo 
Closes #44047

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-14 20:50:31 +01:00
Pedro Ruivo
7dc7c81b25
Fix UserSessionProviderOfflineModelTest#testLoadUserSessionsWithNotDeletedOfflineClientSessions 
Fixes #43886

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-14 20:46:02 +01:00
Pedro Igor
d4f9a09236 Fixing encoding of forwarded parameters 
Closes #44125

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-14 15:46:09 -03:00
jhgojbis
fd99aa6244 Bug fix double-encoding for query parameter acr_values 
Related bug fix in Keycloak version 26.4

space with mutiple values results in → "+" → "%2B"

Reported bug: 
https://github.com/keycloak/keycloak/issues/44125

Signed-off-by: jhgojbis <gh_wipe@hotmail.com>
 2025-11-14 15:46:09 -03:00
AvivGuiser
3c8af6dec5
set auto-mount service account token to false in keycloak pods (#40605) 
closes #38843

Signed-off-by: AvivGuiser <avivguiser@gmail.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-11-14 15:41:39 +00:00
Lucas
5ad1b1efa4
Fix logger call to align arguments with format pattern 
fixes #44229

Signed-off-by: Lucas <lucas.bickel@adfinis.com>
 2025-11-14 15:23:19 +00:00
Stefan Guilhen
3319e8d9b5 Add optional parameter in WorkflowResource.toRepresentation to allow retrieval of the rep without the ids 
Closes #44183

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-14 12:20:40 -03:00
Pedro Ruivo
70e1dba2c3
Create remember_me column for user sessions 
Closes #44112

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-14 14:41:04 +01:00
Weblate (bot)
cb884d3fd1
Translations update from Hosted Weblate (#44055) 
* Updated translation for Turkish

Language: tr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-11-14 13:43:13 +01:00
Steven Hawkins
f96765c4b4
fix: correcting termination test on openshift (#44181) 
closes: #44179

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-14 13:25:02 +01:00
Stian Thorgersen
f67aea9a00
Avoid downloading spotless dependencies every time 
Closes #44214

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 12:26:18 +01:00
Stian Thorgersen
4f80d692c0
Add permissions to stability-* workflows (#44212) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 12:02:54 +01:00
Giuseppe Graziano
bcf6df545b Fix npe in ConditionalUserConfiguredAuthenticator 
Closes #44156

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-14 10:09:30 +01:00
Ricardo Martin
20f9bb1570
Fix recaptcha links to the new docs.cloud.google.com site 
Closes #44187

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 09:37:54 +01:00
Stian Thorgersen
a2c1055f8d
Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
Hamza Hathoute
8fb8fd5346
fix: add flag to delete-step to control user removal from federation provider 
Closes #43538

Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>
 2025-11-13 22:32:11 +00:00
Pedro Igor
b46b0321d6
Skip FGAP when evaluating permissions for regular clients 
Closes #40712

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-13 22:16:09 +01:00
Vlasta Ramik
d2697232b9
Rename bind endpoint to activate 
Closes #44155

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 22:15:33 +01:00
Pedro Ruivo
0876ca9aa1
Use batches to expire entries from Database 
Closes #44067

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-13 15:13:15 +00:00
stianst
8dce1eff15 Migrate keys package to new test framework 
Closes #44118

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-13 10:19:53 -03:00
Stan Silvert
f106a63f0b Remove unused messages. 
Closes #43665

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-13 10:04:00 -03:00
Stan Silvert
33b479fa3b Workflows now use YAML instead of JSON. 
Closes #43665

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-11-13 10:04:00 -03:00
Chance Coleman
b2317dabdc
Add configurable HTTP retry mechanism for OCSP validation (#42535) 
Closes #42401


Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
 2025-11-13 13:21:13 +01:00
vramik
748b58bf64 Remove creation of default policy, resource and permission upon enabling authorization for a client 
Closes #43867

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 09:14:56 -03:00
Rathan-Naik
5c04124d86
Fix duplicate mapper save error by auto-navigating after creation 
Closes #43948

Signed-off-by: Rathan Naik <30756840+Rathan-Naik@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-13 08:45:30 +00:00
Sebastian Łaskawiec
3288f83dc9
Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator 
Closes #42983

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-13 08:52:46 +01:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
Stefan Guilhen
5ff2e22f18 Fix representation so that workflows can be properly disabled/enabled. 
- also removes empty 'with' configurations from the steps when retrieving the workflow.

Closes #44163

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:36 -03:00
Stefan Guilhen
7acf2ceccb Add pagination and search by name capabilities to WorkflowsResource 
Closes #44164

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 17:18:11 -03:00
vramik
84a679224b Add operation to deactivate a workflow execution for a resource 
Closes #42124

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-12 17:02:17 -03:00
Pedro Igor
9d728dd686 Missing message properties when rendering pages for organization invites 
Closes #44113

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-12 15:56:39 -03:00
Steven Hawkins
26bdee3052
fix: removing unknown field validation parameter (#44173) 
closes: #43728

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-12 17:27:05 +00:00
Martin Kanis
a7c02076a1 UPDATE_EMAIL action invalidates old email 
Closes #43738

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-12 11:32:36 -03:00
mposolda
fa3e964df7 Sd-Jwt unit tests in the crypto/fips1402 module 
closes #44104

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-12 15:11:39 +01:00
Steven Hawkins
63fc0eec28
task: use client v1 logic for v2 impl (#43982) 
* task: use client v1 logic for v2 impl

closes: #43733

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing the provider module

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-12 15:08:27 +01:00
Awambeng
c0be5c42b9
[OID4VCI]: Add backward compatibility for Draft 15 wallets (single proof support) (#43951) 
Closes #43926

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-11-12 14:30:33 +01:00
forkimenjeckayang
a05ed3154c
[OID4VCI] Relax CORS policy on credential offer endpoint (#43182) 
Closes #43183


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Co-authored-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-11-12 14:25:20 +01:00
rmartinc
c8c110a049 Use normal scope parameter checking for the JWT Authorization grant 
Closes #43646

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 14:09:00 +01:00
Stian Thorgersen
2a196cb373
Split new base tests into multiple jobs (#44096) 
* Split new base tests into multiple jobs

Closes #38200

Signed-off-by: stianst <stianst@gmail.com>

* Update tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
 2025-11-12 10:12:32 +01:00
Ricardo Martin
de49500393
Client policy to enforce only downscoping in Token Exchange (#44030) 
Closes #43931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 08:48:42 +01:00
Steven Hawkins
281ced0ca8
fix: performing scale down prior to deletion (#44095) 
closes: #34868

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-11 21:12:50 +00:00
rmartinc
fb13aa5039 Use http for the DockerClientTest to avoid certificate issues 
Closes #44117

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-11 17:48:44 +01:00
Steven Hawkins
6be362de95
fix: ensure that direct building works (#44042) 
also cleaning up a couple of javadocs

closes: #44031

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-11 16:32:44 +01:00
Steven Hawkins
ed9d6cc40a
fix: adding the built system property to the README (#43850) 
* fix: adding the built system property to the README

closes: #43606

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* removing the doc / note about directly launching from the jar

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/building.md

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* removing one more reference to running the jar directly

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Move a chapter in README

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-11-11 15:06:48 +01:00
Pedro Ruivo
39964befef
Sessions not removed when user is deleted 
Fixes #43323

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-11 14:09:05 +01:00
Felix Herbst
f9fd9bce9e
MessageFormatterMethod should detect and map SimpleNumber 
Closes #43993

Fixes: java.lang.IllegalArgumentException: Cannot format given Object as a Number

freemarker.template.SimpleNumber was added as is, expected was freemarker.template.Number from java.text.NumberFormat::format

Signed-off-by: Felix Herbst <ofherbst@googlemail.com>
 2025-11-11 13:21:25 +01:00
Pedro Igor
ded372a57f Adding utility class for working with throwables and updating the cause check to limit the number of iterations on the stacktrace 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-11 08:48:26 -03:00
Martin Kanis
c28cde359c Local user can't login when ldap error 
Closes #43639

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-11 08:48:26 -03:00
Stian Thorgersen
36011008e8
Remove PostgreSQL 13.x support (#44103) 
Closes #42905

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-11 09:35:27 +01:00
Steven Hawkins
0064e060fc
fix: redoing the watching logic to provide a better status (#43817) 
closes: #43777

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-11 09:34:58 +01:00
Ingrid Kamga
ce05241c7f
[OID4VCI] Tolerate clock skew in SD-JWT time checks (#43506) 
Closes #43456

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-11-11 09:02:44 +01:00
Steven Hawkins
9ef7ff22d2
allow non-optimized commands to run without a separate java launch (#43591) 
* fix: allow non-optimized commands to run without a separate java launch

closes: #43611

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/command/AbstractAutoBuildCommand.java

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-11-11 08:57:17 +01:00
Šimon Vacek
6926ef83f9
Test framework support for remote databases (#43609) 
Part of #41940

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-11-11 07:59:33 +01:00
Stefan Guilhen
ef3de183df Skip checksum validation for 2.5.0-unicode-oracle, that is preventing migrations when schema name changes 
Closes #43564

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-10 12:56:45 -03:00
Pedro Igor
c23d2af65c
The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings 
Closes #43883

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-10 16:10:48 +01:00
Martin Kanis
39e1e40be4 Document missing artifact dependency for UserStoragePrivateUtil 
Closes #43212

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-10 10:41:12 -03:00
Giuseppe Graziano
c0e34fa45f
Additional configuration and validation for jwt assertion grant (#44014) 
Closes #43873

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-10 14:34:06 +01:00
Vojtěch Boček
cd4543456e fix: do not re-neable AuthorizationService if it is already enabled 
The enable action needs the realm-wide "modify client" permission,
which restricted admins with the fine-grained-authz feature do not have.

This causes a "forbidden" exception when try try to save a client
with Authorization already enabled, even if the "enable" action
does nothing since it was already enabled.

Fixes #22938

Signed-off-by: Vojtěch Boček <vbocek@gmail.com>
 2025-11-10 10:20:50 -03:00
vramik
302fa3db08 Make LDAPProvidersIntegrationTest import a test realm after each test 
Closes #43754

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-10 10:19:25 -03:00
Bahaa Zaid
b07e2b8666
Fix Admin Console crash when opening Client'a Authz Permission details (#44061) 
Closes #44056

Signed-off-by: Bahaa Zaid <bahaa.zaid@pixelogicmedia.com>
 2025-11-10 07:42:24 -05:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Weblate (bot)
39c4c1ed94
Translations update from Hosted Weblate (#43989) 
* Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Catalan

Language: ca

Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Czech

Language: cs

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Kluska <martin@kluska.cz>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Kluska <martin@kluska.cz>

* Updated translation for French

Language: fr

Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Martin Kluska <martin@kluska.cz>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Martin Kluska <martin@kluska.cz>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-11-09 10:29:52 +01:00
Pedro Ruivo
18eeef7b26
Create user session expired event 
Closes #43942

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-07 22:36:47 +00:00
Pedro Ruivo
80895d7fb4
AUTH_SESSION_ID cookie has the incorrect route 
Fixes #43933

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-07 21:32:45 +00:00
Pedro Igor
c67b6bc007 Ordering attributes will unset the unmanaged attribute policy 
Closes #44010

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 16:03:42 -03:00
Martin Bartoš
d8f1476d7b
Improve test case for single feature option (#44041) 
Closes #44040

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-07 15:40:22 +00:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
Martin Bartoš
1f9694358f
Ability to enable/disable feature via single property (#43542) 
* Ability to enable/disable feature via single property

Closes #43541

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Provide support for specifying profile preview

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove duplication check, use the new WildcardOptionUtil

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Create quarkus specific single profile config resolver

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove the feature profile capability for single feature option

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-07 13:35:39 +01:00
Martin Bartoš
229cd9450e
Improve error message for the HTTPS material loading (#44006) 
Closes #44005

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-07 09:48:32 +01:00
Ivan Shcherbakov
442c7a781b
fix(useHash): correctly extract hash from pushState url (#43836) 
Signed-off-by: basedest <basedest@icloud.com>
 2025-11-06 14:34:19 -05:00
Steven Hawkins
4a63fcffaf
fix: considering source ordinality with spi options (#43805) 
closes: #43793

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-06 18:01:18 +01:00
Martin Bartoš
1d3a1b554b
Print a warning on duplicate options (#43918) 
* Print a warning on duplicate options

Closes #43604

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Print duplicated CLI keys and even sys props

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-06 14:47:29 +00:00
Lukas Hanusovsky
768cea1b82
Add FIPS suite to the new tests (#43431) 
* Add FIPS test suite to the new tests

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Tweaks to FIPS suite in new test

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2025-11-06 14:08:19 +01:00
mposolda
b8a8be33aa Audience validation according to latest specs proposal 
closes #43984

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-06 10:21:35 +01:00
Stian Thorgersen
6043027d99
Refactor KubernetesIdentityProvider (#43967) 
Closes #43966

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 16:28:07 +01:00
rmartinc
5822c52a30 JWT Authorization grant should not generate refresh and use transient sessions 
Closes #43799

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-05 14:17:32 +01:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Giuseppe Graziano
a9a14bd346 Filter idps by JWT_AUTHORIZATION_GRANT type in client conifig 
Closes #43791

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-05 13:56:31 +01:00
Steven Hawkins
27252a14ae
fix: adding a single method to get the base uri (#43333) 
* fix: adding a single method to get the base uri

closes: #43330

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update server-spi/src/main/java/org/keycloak/urls/HostnameProvider.java

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-11-05 12:46:09 +00:00
Bruno Oliveira da Silva
d579bc6cb1
Update maintainers (#43917) 
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2025-11-05 13:20:40 +01:00
Weblate (bot)
084791ec3e
Translations update from Hosted Weblate (#43822) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>

* Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>

* Updated translation for Czech

Language: cs

Updated translation for Czech

Language: cs

Updated translation for Czech

Language: cs

Added translation for Czech

Language: cs

Added translation for Czech

Language: cs

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-11-05 11:36:41 +01:00
Alexander Schwartz
3ef8c565f3
Avoid touching the database layer if no changes are necessary for a user 
Closes #43682

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-05 06:44:48 -03:00
Steven Hawkins
a04d5d7b5e
task: clarifying home dir unset logic (#43904) 
closes: #43903

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-05 08:45:06 +01:00
fengyuchuanshen
e321f5ab23
chore: remove repetitive words in comments (#43944) 
Signed-off-by: fengyuchuanshen <fengyuchuanshen@outlook.com>
 2025-11-04 17:55:22 +00:00
Martin Kanis
8e71657576 Add rate limiter for sending verification emails in context of update email 
Closes #43076

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-04 12:16:12 -03:00
rmartinc
b5be43ad07 Delete the user in test "creates a user with a password credential" 
Closes #43523

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-04 10:50:21 -03:00
rmartinc
245dc950d9 Hide the attribute for allowed IdPs when JWT auth capability is not enabled 
Closes #43925

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-04 14:47:43 +01:00
Giuseppe Graziano
4b443f04ee
JWT Authorization grant idp config (#43841) 
Closes #43568

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-04 14:46:14 +01:00
Martin Bartoš
d5763b9c0b
Migrate the OTelProvider test to the new framework 
Closes #43858

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-04 12:53:47 +01:00
Thomas Diesler
131e2357a9 Cannot issue vc of type oid4vc_natural_person 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-04 10:46:44 +01:00
KONSTANTINOS GEORGILAKIS
1c0d4616a5
hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:26:12 +00:00
Pedro Igor
2216ada20b Allow GET and PUT methods using application/yaml media type 
Closes #42687

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-03 13:09:17 -03:00
vramik
4d912a9c21 Support for YAML payloads for Admin client for creation of workflows 
Closes #43666

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 13:09:17 -03:00
sander boer
d805a28ea4
Adds group description during import 
Adds the group description during group import from a
representation. This ensures that the description is properly
populated when groups are created from external sources.

Closes #42851

Signed-off-by: Sander <mail@sanderboer.nl>
 2025-11-03 16:08:49 +00:00
Lukas Hanusovsky
5aa05d08eb
Test Framework - new Forms test suite. (#43894) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:15:10 +00:00
Lukas Hanusovsky
0dbcfeb9d0
Test Framework - new Login V1 test suite. (#43895) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:08:12 +00:00
Robin Meese
27a47b2537
Add Czech translators (#43910) 
Closes: #43909

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-11-03 15:52:59 +01:00
Martin Bartoš
75fcf11a1b
Separate HOW_TO_RUN.md file for the new testsuite (#43860) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-03 15:41:01 +01:00
Lukas Hanusovsky
2ddde05afb
Moving UserFederationLdapConnectionTest to federation/ldap package (#43852) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:39:40 +01:00
Bernat Moix
733dfdbc1c fix: use providerId instead of alias for social provider icons 
Identity provider icons were only displayed when the alias exactly
matched predefined values. This fixes the issue by checking the
providerId (provider type) instead of the alias, allowing custom
aliases while maintaining correct icon display.

Closes #43515

Signed-off-by: Bernat Moix <bmoix@bmoix.io>
 2025-11-03 15:28:05 +01:00
Václav Muzikář
9c86eae7ed
Initial Client API v2 impl (#43395) 
Closes #43224

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-11-03 14:31:54 +01:00
Steven Hawkins
f7735b573c
fix: removing the fast start optimization (#43686) 
* fix: removing the fast start optimization

closes: #38790 #42960

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* updating the docs based upon a review comment

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-11-03 12:37:13 +01:00
vramik
ece96e397e Make set creadential label use reset-password scope 
Closes #43460

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 07:57:58 -03:00
Thomas Diesler
fead1b1ab6
Git ignore local keycloak state dir 
Closes #43816

Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-03 09:09:22 +00:00
Stian Thorgersen
d0a7225b3d
Allow CORS Access-Control-Allow-Headers customization (#43767) 
Closes #12682

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-03 06:39:44 +00:00
Alexander Schwartz
52ba359cc3
Make client and IDP required when using federated client authentication (#43890) 
Closes #43889

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-03 07:21:55 +01:00
蔡秀吉
e84a1d6363
Fix typos and formatting in OIDC auth flows documentation 
Closes #43818

Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com>
 2025-11-01 19:14:41 +00:00
Tobi
479859a7a3
Add new indices on offline_client_session 
Closes #43566

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-31 17:49:47 +01:00
AvivGuiser
41d5aae6f6
add labels to realm import jobs (#42967) 
Signed-off-by: AvivGuiser <avivguiser@gmail.com>
 2025-10-31 17:20:22 +01:00
Martin Bartoš
8502cc3ae1
Including OTLP headers for tracing (#43122) 
* Including OTLP headers for tracing

Closes #41007

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Polishing, add test for the util class, address review

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove the WildcardOptionsUtil#isKcWildcardOption

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-31 15:46:05 +01:00
Stian Thorgersen
a34b14796f
Run unit tests with JDK matrix (#43240) 
Closes #16039

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 13:21:44 +01:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798) 
Closes #43553

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 12:40:04 +01:00
rmartinc
f92adda310 Improve JWT Assertion Validation using client validators 
Closes #43642

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 11:58:08 +01:00
forkimenjeckayang
f27982aeb7
[OID4VCI] Ensure authorization_details from PAR requests are properly returned in token responses (#43215) 
Closes #43214


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Co-authored-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-10-31 11:39:38 +01:00
Ingrid Kamga
ea06651da5
[OID4VCI] Ensure openid_credential is one of authorization_details_types_supported on the Authorization Server metadata (#43599) 
Closes #43398

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-10-31 11:32:24 +01:00
Melek KNANI
8374be674e fix(admin-ui): correct default value for backchannel logout session required 
Signed-off-by: Melek KNANI <melek.knani@etu.ec-lyon.fr>
 2025-10-31 11:00:50 +01:00
rmartinc
3b3adcf1e4 Ensure the logout endpoint removes the authentication session 
Closes #43853

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 10:59:25 +01:00
Martin Bartoš
12d9ec048b
[quarkus-next] Removed exception escaped OTel attribute (#43848) 
Closes #43845

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-31 08:52:07 +01:00
Stian Thorgersen
71160384ca
Add ppc64le to Operator CSV metadata (#43831) 
Closes #43830

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 06:30:14 +01:00
Pedro Ruivo
24f67d0c04
Always validate cookie signature 
Closes #43851

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-30 22:18:13 +00:00
Pedro Ruivo
e40c5de050
Session cache affinity 
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 21:01:09 +00:00
Andreas Blättlinger
bd2a1c7c00
Use password visibility icon from theme.properties 
Closes #43843

Signed-off-by: Andreas Blaettlinger <bln1imb@bosch.com>
 2025-10-30 21:18:51 +01:00
Ricardo Martin
475d2c0f02
Remove the trailing slash for base url in the account and admin tests 
Closes #43863

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-30 20:48:01 +01:00
Steven Hawkins
74e5da49c7
fix: moving h2 logic out of Database so that it can be resolved (#43750) 
closes: #43687

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-30 11:08:10 -04:00
Steven Hawkins
9e98f2bf96
fix: simplify debug handling and remove the 0.0.0.0 default (#43574) 
* fix: simplify debug handling and remove the 0.0.0.0 default

closes: #43160

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/dist/src/main/content/bin/kc.sh

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* removing the ability to specify just the ip

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Peter Zaoral <pepo48@gmail.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-30 15:57:37 +01:00
Alexander Schwartz
0f01444543
Allow only normalized paths in requests (#43765) 
Closes #43763

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-30 14:37:50 +01:00
Pedro Ruivo
6317c02a27
Refactor AuthenticationSessionManager 
Closes #43825

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 12:26:07 +01:00
Stian Thorgersen
be6a3814fb
Add CORS support to OIDC dynamic client registration endpoints (#43625) 
Closes #8863

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-30 12:12:08 +01:00
Patrick Weiner
b4e5c01929
Set autofocus on WebAuthn authenticate button in keycloak.v2 login theme. (#43803) 
Closes #43802

Signed-off-by: Patrick Weiner <patrick.weiner@prime-sign.com>
 2025-10-30 11:02:00 +01:00
Tomáš Kyjovský
4c64b7189c
Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Peter Zaoral
f65adbf628
win-fix: correct hostname normalization condition for loopback addresses (#43634) 
Closes: #42794

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-10-30 08:49:45 +01:00
Weblate (bot)
8525792d92
Translations update from Hosted Weblate (#43739) 
* Updated translation for Turkish

Language: tr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
 2025-10-29 19:51:04 +01:00
Steven Hawkins
ccc7568879
fix: updating build docs (#43607) 
* fix: updating build docs

closes: #43606

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/building.md

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-29 12:05:49 -04:00
Marek Posolda
2fc5419676
Avoid using UserCredentialManager from user storage extensions (#43695) 
closes #43694

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-29 16:26:59 +01:00
Stan Silvert
322cbcdd84 Only check required field when i18n dialog is open. 
Fixes #41271
Fixes #41270

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-29 11:16:45 -03:00
Bruno Oliveira da Silva
6bce46c842
Reduce Dependabot PR noise by grouping them and switching to weekly batch updates (#43704) 
This PR uses dependabot.yml groups key to controls version updates. It
tells Dependabot to bundle regular package upgrades (e.g., npm or
github-actions) into a single pull request based on your rules.

Additional step:

Enable in the repository settings grouped updates: This setting controls
security updates. Enabling this tells Dependabot to bundle all available
security patches (i.e., updates that fix vulnerabilities) into a single
pull request, separate from our version updates.

See:
https://github.blog/changelog/2024-03-28-dependabot-grouped-security-updates-generally-available/

Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
 2025-10-29 13:30:24 +01:00
Pedro Igor
ce5dd51921 Migration step to add the reset-password scope to user resource type resources 
Closes #43736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-29 08:49:51 -03:00
Ryan Emerson
3ba8a68f2c
Document debug log settings required to show applied Infinispan configuration 
Closes #43655

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-29 12:36:53 +01:00
Alexander Schwartz
4f10c10ffd
Don't keep an old session to avoid a stable objects and a memory leak 
Closes #43761

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 08:01:55 -03:00
Marek Posolda
5693899246
Picture of the token-exchange flow in the documentation 
closes #39881

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 10:38:37 +00:00
Alexander Schwartz
3cf0989498
Resolve session leak in DeclarativeUserProfileProvider 
Closes #43785

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-29 07:31:18 -03:00
Giuseppe Graziano
759e062131
JWT Authorization grant client configuration (#43685) 
closes #43567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-29 08:45:51 +01:00
Alexander Schwartz
47288a9643
Role mapper should check if an update is needed for the role 
Closes #43698

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 14:52:51 -03:00
Steven Hawkins
3cb9e0bcd8
task: testing servicemonitor patching 
closes: #43778

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-28 17:06:06 +00:00
Steven Hawkins
d9e3f55b69
fix: forcing the namespace for the servicemonitor check 
closes: #43774

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-28 17:25:53 +01:00
Alexander Schwartz
2b51d6f4ac
Avoid holding on to the realm in cached configurations 
Closes #43744

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 13:10:24 -03:00
Ricardo Martin
e0c1f2ee0f
Check offline scope is still assigned when performing a refresh 
Closes #43734

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-28 16:42:34 +01:00
Pedro Igor
42edee22d9
Email should be set when email as username is enabled and email is read-only 
Closes #43718

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-28 14:44:57 +01:00
Alexander Schwartz
ba0fe9bd70
Cleaning up threadlocals to prevent (small) memory leak 
Closes #43759

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 10:36:27 -03:00
Alexander Schwartz
b537fc954a
Cleaning no-longer used message keys (#43719) 
Closes #43717

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-28 09:25:03 -04:00
rmartinc
1bd9a3f473 Only add the none verifier when attestation conveyance preference is none 
Closes #43723

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-28 05:30:24 -03:00
Marco N.
8136b03c67
Add authorization checks for workflows 
Require the "manage-realm" role to perform any operation on a workflow

Closes #43509

Signed-off-by: Marco Neuhaus <m.neuhaus@smf.de>
 2025-10-27 17:45:48 +01:00
Pedro Igor
53142d8f92
Fixing flaky test KcOidcBrokerTest#testPostBrokerLoginFlowWithOTP 
Closes #42601

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-27 17:28:28 +01:00
Stan Silvert
defd03c747 Manage workflowJSON state in the form. 
Closes #43041
Closes #43450

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-27 10:10:11 -03:00
Stan Silvert
398cf1afed Change workflow view function to update. Also handle authorization. 
Implements #43041
Implements #43450

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-27 10:10:11 -03:00
Stan Silvert
b287543f6c Clean up based on review. 
Closes #43041

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-27 10:10:11 -03:00
Stan Silvert
23f21c8232 Implement workflow view/copy/enable/disable. 
Closes #43041

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-27 10:10:11 -03:00
Alexander Schwartz
aadffb94fb Fix typo in LDAP edit mode in the docs 
Closes #43720

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-27 08:42:44 -03:00
Stefan Guilhen
3751bc050d Workflows enhancements 
- Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role))
 - Make workflows 'if' and 'on' fields use expressions by default
 - Fix condition evaluation inconsistencies by having a single param for each condition
 - Remove need to use double quotes for condition parameters
 - Reference groups by path instead of id in conditions

Closes #43137
Closes #43536
Closes #43537
Closes #43661
Closes #43715

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-27 07:20:59 -03:00
Weblate (bot)
3b20ca2496
Translations update from Hosted Weblate (#43598) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>

* Updated translation for Greek

Language: el

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: infl00pLabs <infl00p@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: infl00pLabs <infl00p@gmail.com>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: infl00pLabs <infl00p@gmail.com>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: infl00pLabs <infl00p@gmail.com>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-10-26 19:30:06 +01:00
Jon Koops
ee29c72ed6
Parallelize client scope tests for the admin console (#43675) 
Closes #43379

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-10-24 16:08:33 -04:00
rmartinc
84a3c29f2b Manage the error when the admin console reads the certificate info 
Closes #43547

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-24 11:58:47 +02:00
Tamas Adam
2d2f0dafca
Added backchannelLogoutUserSessionFromClient and changed backchannelLogoutUserFromClient (#42557) 
Closes #42482

Signed-off-by: Tamas Adam <tom@lambdac.no>
Co-authored-by: Tom Adam <tom.adam@valg.no>
 2025-10-23 14:47:59 +00:00
Steven Hawkins
422eadecf4
fix: adding type validation and lazily adding cli options (#43467) 
* fix: adding type validation and lazily adding cli options

closes: #43466

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* consolidating empty value checking

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* stripping the smallrye code if possible

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-23 13:46:35 +00:00
vramik
b5ed45f2a0 Ability to define workflows with YAML 
Closes #42687

Signed-off-by: vramik <vramik@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 09:33:50 -03:00
vramik
b1c0c15ad5 Add validation for Workflwow, Condition and Steps fields 
Closes #43559

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-23 09:33:35 -03:00
dependabot[bot]
c88e56707b Bump @types/node from 24.6.2 to 24.8.0 in /js 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.6.2 to 24.8.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-23 09:32:20 -03:00
Pedro Igor
e4d4570404
Prevent the username field from being rendered when running the identity-first login flow 
Closes #43091

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:57 +02:00
Pedro Igor
6527b139dc
Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:33 +02:00
Pedro Igor
2b785425fa Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 08:02:05 -03:00
dependabot[bot]
2d526eaf16 Bump eslint from 9.36.0 to 9.37.0 in /js 
Bumps [eslint](https://github.com/eslint/eslint) from 9.36.0 to 9.37.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.36.0...v9.37.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 19:27:33 -03:00
dependabot[bot]
1d2afb63f5 Bump lightningcss from 1.30.1 to 1.30.2 in /js 
Bumps [lightningcss](https://github.com/parcel-bundler/lightningcss) from 1.30.1 to 1.30.2.
- [Release notes](https://github.com/parcel-bundler/lightningcss/releases)
- [Commits](https://github.com/parcel-bundler/lightningcss/compare/v1.30.1...v1.30.2)

---
updated-dependencies:
- dependency-name: lightningcss
  dependency-version: 1.30.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 18:22:40 -03:00
dependabot[bot]
a89d575091 Bump typescript from 5.9.2 to 5.9.3 in /js 
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.2 to 5.9.3.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.2...v5.9.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-version: 5.9.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 16:31:16 -03:00
dependabot[bot]
88659cd465 Bump rollup from 4.52.2 to 4.52.4 in /js 
Bumps [rollup](https://github.com/rollup/rollup) from 4.52.2 to 4.52.4.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.52.2...v4.52.4)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.52.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-22 15:17:29 -03:00
rmartinc
62f68b2f19 DPoP replay check should take clockSkew into account 
Closes #43505

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-22 15:35:13 +02:00
Giuseppe Graziano
a25a0268de
Experimental feature for JWT Authorization Grant (#43624) 
Closes #43444

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-22 15:34:33 +02:00
Stian Thorgersen
f6ac64907d
SPIFFE should support OIDC JWK endpoint (#43651) 
Closes #43650

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-22 15:19:56 +02:00
dependabot[bot]
ab7b835e51 Bump @rollup/plugin-commonjs from 28.0.6 to 28.0.8 in /js 
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 28.0.6 to 28.0.8.
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v28.0.8/packages/commonjs)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-version: 28.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 17:18:04 -03:00
dependabot[bot]
0c2c8c4830 Bump react-i18next from 16.0.0 to 16.0.1 in /js 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 16.0.0 to 16.0.1.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v16.0.0...v16.0.1)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 16.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 17:17:30 -03:00
dependabot[bot]
2e7977cfa2 Bump vite from 7.1.7 to 7.1.10 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.7 to 7.1.10.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.10/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 17:17:10 -03:00
dependabot[bot]
8f7559329d Bump github/codeql-action from 3.30.6 to 4.30.8 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.6 to 4.30.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](64d10c1313...f443b600d9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.30.8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 17:16:30 -03:00
dependabot[bot]
9726e0f940 Bump snyk/actions from 0.5.0 to 1.0.0 
Bumps [snyk/actions](https://github.com/snyk/actions) from 0.5.0 to 1.0.0.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](de2dda699b...9adf32b112)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 17:07:46 -03:00
Stian Thorgersen
84a161d4dd
Extract related methods from IdentityProvider to UserIdentityProvider (#43535) 
Closes #43534

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-21 14:27:07 +00:00
Alexander Schwartz
6080f21c64
Adding this as a breaking change plus deprecation 
Closes #43022

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 09:58:33 -03:00
Steven Hawkins
4443834d06
fix: refines how defaults are shown 
closes: #43421

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-21 14:35:55 +02:00
Martin Bartoš
419afce847
Fix anchors in the documentation 
Closes #43084

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 12:33:32 +00:00
Pedro Igor
c5b560e2d8
Update user profile to allow returning a brief user representation 
Closes #42225

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-21 12:52:31 +02:00
Steven Hawkins
49305d1567
fix: generalizing the misconfiguration detection. (#43500) 
closes: #43166

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-21 11:44:00 +02:00
Tamas Adam
eed9d70ec0
Minor technical cleanup (#42811) 
Also added @Deprecated to expireUserSessionCookie version with unused parameters.

Closes #43510

Signed-off-by: Tamas Adam <tom@lambdac.no>
 2025-10-21 08:00:36 +00:00
Ronaldo Paulino Jiconda
987ce19b45
Fix OIDC IDP broker basic auth encoding 
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.

Closes #26374
Closes #43022

Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2025-10-20 23:48:24 +02:00
Alexander Schwartz
37c4588c7d
Add session information to the current context on creation and session validation 
Closes #43360

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-20 17:59:52 -03:00
Steven Hawkins
3b7f364b4f
fix: allow for --optimized to receive signals (#43580) 
* fix: allowing --optimized to terminate gracefully

closes: #43561

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/dist/src/main/content/bin/kc.sh

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-20 17:52:27 +02:00
Stefan Guilhen
657105bb41 Improve WorkflowRepresentation.Builder, changing concurrency(true) to concurrency().cancelIfRunning() for better clarity 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-20 10:54:53 -03:00
Pedro Igor
c4edb97e68 Reviewing the email verification field and reset action 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-20 09:06:01 -03:00
Martin Kanis
986fdd7341 Make pending email verification attribute removable by admin 
Closes #43351

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-20 09:06:01 -03:00
Weblate (bot)
b858e696bc
Translations update from Hosted Weblate (#43562) 
* Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Translated using Weblate (German)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/de/

Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Dodouce <marin.pau22@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Dodouce <marin.pau22@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-10-20 13:21:19 +02:00
Martin Bartoš
37bea126c7
[PERF] Jackson reflection-free serialization/deserialization (#42946) 
* [PERF] Jackson reflection-free serialization/deserialization

Closes #42945

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/configuration-production.adoc

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Docs improvements

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/configuration-production.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Polish the features template macros

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-10-17 20:24:47 +02:00
Martin Bartoš
b807a45091
Divide logging guide to sub-guides for every log handler (#43132) 
* Divide logging guide to sub-guides for every log handler

Closes #43125

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Ability to set level offset to guides, remove emojis

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add all relevant options to the logging guide

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/file.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/syslog.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/syslog.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/syslog.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/syslog.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/console.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/logging/console.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Improve link to other section

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-10-17 16:37:48 +02:00
Peter Zaoral
2300b3fc78
Handle canonical hostname checks for localhost on Windows (#42799) 
Closes: #42794

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-17 13:40:08 +00:00
vramik
4dc398354a Restart workflow basen on concurrency/cancel-if-running option rather than reset-on option 
Closes #42911

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-17 10:06:43 -03:00
Steven Hawkins
736d4920d7
fix: noting db support level changes (#43549) 
closes: #43191

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-17 14:01:10 +02:00
Alexander Schwartz
7b8626ead5
Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:58 +02:00
Alexander Schwartz
0261b40de2
Also push changes in Weblate to the PR 
This should avoid conflicts later

Close #43527

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:26 +02:00
Weblate (bot)
7950e3e75a
Translations update from Hosted Weblate (#43518) 
* Updated translation for Turkish

Language: tr

Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Falk Neumann <pfralf@googlemail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Falk Neumann <pfralf@googlemail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

---------

Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Falk Neumann <pfralf@googlemail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Falk Neumann <pfralf@googlemail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
 2025-10-17 10:21:47 +02:00
Peter Zaoral
a2ca406567
Stabilize ResourceLoaderTest on Windows (#42798) 
* use distinct filenames to properly test path traversal on Windows
* skip relative path test on certain environments, when temp and current directories are on different drives

Closes: #42795

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-10-17 08:45:08 +02:00
dependabot[bot]
2567b572d1
Bump @faker-js/faker from 10.0.0 to 10.1.0 in /js (#43475) 
Bumps [@faker-js/faker](https://github.com/faker-js/faker) from 10.0.0 to 10.1.0.
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](https://github.com/faker-js/faker/compare/v10.0.0...v10.1.0)

---
updated-dependencies:
- dependency-name: "@faker-js/faker"
  dependency-version: 10.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:18:10 -04:00
dependabot[bot]
81c4e0f6fb
Bump @rollup/plugin-node-resolve from 16.0.1 to 16.0.3 in /js (#43427) 
Bumps [@rollup/plugin-node-resolve](https://github.com/rollup/plugins/tree/HEAD/packages/node-resolve) from 16.0.1 to 16.0.3.
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/node-resolve/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/node-resolve-v16.0.3/packages/node-resolve)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-node-resolve"
  dependency-version: 16.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:17:14 -04:00
dependabot[bot]
437bd7d88c
Bump lint-staged from 16.2.3 to 16.2.4 in /js (#43387) 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 16.2.3 to 16.2.4.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.2.3...v16.2.4)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:15:01 -04:00
dependabot[bot]
71f2725c6b
Bump i18next from 25.5.3 to 25.6.0 in /js (#43385) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.5.3 to 25.6.0.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.5.3...v25.6.0)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:13:49 -04:00
dependabot[bot]
de72860273
Bump @playwright/test from 1.55.1 to 1.56.0 in /js (#43227) 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.55.1 to 1.56.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.55.1...v1.56.0)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.56.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:12:15 -04:00
dependabot[bot]
9c7167848e
Bump @eslint/js from 9.36.0 to 9.37.0 in /js (#43205) 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.36.0 to 9.37.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.37.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:11:00 -04:00
dependabot[bot]
b119d61492 Bump vite-plugin-checker from 0.10.3 to 0.11.0 in /js 
Bumps [vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker) from 0.10.3 to 0.11.0.
- [Release notes](https://github.com/fi3ework/vite-plugin-checker/releases)
- [Commits](https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.10.3...vite-plugin-checker@0.11.0)

---
updated-dependencies:
- dependency-name: vite-plugin-checker
  dependency-version: 0.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-16 13:09:20 -05:00
dependabot[bot]
acd6dd9a85
Bump chai from 6.0.1 to 6.2.0 in /js (#43012) 
Bumps [chai](https://github.com/chaijs/chai) from 6.0.1 to 6.2.0.
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](https://github.com/chaijs/chai/compare/v6.0.1...v6.2.0)

---
updated-dependencies:
- dependency-name: chai
  dependency-version: 6.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-16 14:08:52 -04:00
Steven Hawkins
6d93df8cad
fix: using RFC6749 for kcadm / kcreg 
closes: #43532

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-16 16:52:51 +00:00
joeknowsdev
1f0ae82029
Export routes array from Account Console and Admin Console UI libraries 
Additionally exports the Organizations page component from the Account Console UI

Closes #43512

Signed-off-by: Joe Stanley <joe@joeknows.dev>
Co-authored-by: Joe Stanley <joe@joeknows.dev>
 2025-10-16 18:20:26 +02:00
forkimenjeckayang
354e04583a
[OID4VCI] Extend the ClientScope UI (#42858) 
Closes #43298


Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2025-10-16 17:43:02 +02:00
Stefan Guilhen
4985fa25c6 Add restart step provider, replacing the recurring config option 
Closes #42910

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-16 11:49:14 -03:00
Martin Kanis
3f70da04f6 Final review and update for UPDATE_EMAIL documentation 
Closes #42991

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-16 09:57:23 -03:00
mposolda
a2cc51aed7 Possible overflow in brute force computation 
closes #30939

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-16 12:36:14 +02:00
Stan Silvert
afd4d04dcf Handle options component with no value set. 
Fixes #43244

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-10-15 15:17:34 -03:00
vramik
4c4a333365 Disable GroupTest#createMultiDeleteMultiReadMulti for MSSQL 
Closes #42166

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-15 14:34:05 -03:00
Mikail
0f573d19bf
fix: add missing NPM metadata (#42553) 
This adds the missing `license` metadata, as well as other fields that were
only present in [js/libs/keycloak-admin-client/package.json] (author and URLs).

This is problematic for license scanners as the projects were flagged as not
having a license (e.g., https://www.npmjs.com/package/@keycloak/keycloak-ui-shared/v/26.3.3,
we can see 'License' field having the value 'none' on the page).

Other fields were also added (author and URLs) for consistency with
https://www.npmjs.com/package/@keycloak/keycloak-admin-client, however they
aren't critical.

Packages that are private (`js/themes-vendor/package.json`, `js/package.json`
and `js/apps/keycloak-server/package.json`) were also updated for consistency.

[js/libs/keycloak-admin-client/package.json]: d98c474cdc/js/libs/keycloak-admin-client/package.json (L57-L67)

Closes: #42552

Signed-off-by: Mikail Kocak <mikail.kocak@saleor.io>
 2025-10-15 08:41:59 -04:00
Steven Hawkins
43ee41e8a8
fix: refining activation condition error handling (#43197) 
closes: #43096

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-15 11:44:39 +00:00
Alexander Schwartz
02dfb4bd8a
Remove extra flush events to increase performance 
Closes #43362

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-15 12:39:49 +02:00
Stian Thorgersen
4c570d925b
Update enhancement issue template (#43485) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-15 12:16:14 +02:00
D36CHOI
94881d5dec
Chore(i18n): Add missing Korean translations (#42962) 
Adds missing properties to the messages_ko.properties file to ensure
full localization for Korean-speaking users.

Signed-off-by: d36choi <yuio1126@gmail.com>
 2025-10-15 09:57:21 +02:00
Alexander Schwartz
a3171d95b3
Importing changes in Weblate after rebase conflict 
Closes #43468

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-10-15 06:46:31 +02:00
Jon Koops
55c53d3f9f
Run account console resource tests in parralel (#43316) 
Closes #43315

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-10-14 13:56:34 -04:00
Jon Koops
d1fcb2ee2c
Parallelize authentication tests for the admin console (#43376) 
Closes #43375

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-10-14 13:54:18 -04:00
Weblate (bot)
610f7b2ffb
Translations update from Hosted Weblate (#43346) 
* Translated using Weblate (Turkish)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/tr/

Translated using Weblate (Turkish)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/tr/

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Added translation for Turkish

Language: tr

Added translation for Turkish

Language: tr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-10-14 19:49:54 +02:00
Alexander Schwartz
3b8bcd3f8a
Use quoted values for boolean and number values in Operator examples 
Closes #43459

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 18:53:00 +02:00
Steven Hawkins
f28e34ee79
fix: fully sanitizing mappers and changing duplicated log to trace (#42959) 
closes: #38438

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-14 12:28:29 -04:00
Steven Hawkins
aa04ff8781
fix: adding checks around the hostname path (#43193) 
closes: #43166

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-14 17:41:25 +02:00
Giuseppe Graziano
bda0e2a67c
Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-14 15:00:41 +00:00
Martin Bartoš
38909da47d
[quarkus-next] DatasourcesConfigurationTest fails (#43448) 
Closes #43447

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-14 14:50:33 +00:00
Stian Thorgersen
567a8ab93f
Cleanup changes made to JWTClientValidator after refactoring 
Closes #43429

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-14 16:12:40 +02:00
Steven Hawkins
700b86fad8
fix: refining https-protocols documentation (#43420) 
closes: #43164

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-14 08:01:08 -04:00
Stian Thorgersen
5c5905fed3
Fix SPIFFE client authentication when iss claim is included (#43428) 
Closes #43394

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-14 13:20:51 +02:00
Pedro Ruivo
468c063e27
Client session may be lost during session restart 
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 11:01:16 +00:00
Steven Hawkins
f66359ce19
fix: updating service account docs 
closes: #17268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-10-14 11:02:20 +02:00
Stian Thorgersen
33987e54ff
Fix schedule-nightly workflow (#43413) 
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
 2025-10-14 10:32:25 +02:00
Václav Muzikář
28749042c7
Fix Spotless checks (#43418) 
Closes #43417

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-10-13 20:16:27 +02:00
Peter Zaoral
f87b90339d
Stabilize PlainTextVaultProviderTest by enhancing validation logging (#42014) 
Closes: #39660

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-10-13 17:03:50 +00:00
rmartinc
248d6d1feb Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround 
Closes #43263

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-13 15:38:58 +02:00
mposolda
a77c4a6ad2 Minor UI fixes on 'Keys' tab of SAML client 
closes #43304

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-13 15:28:06 +02:00
Pedro Igor
fa581c8148 Allow passing a context to steps 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
Pedro Igor
5b5a83b800 Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
Stefan Guilhen
652270302d Workflows code cleanup 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
stianst
963682a07c Add Spotless plugin with removeUnusedImports check enabled 
Closes #43233

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Robin Meese
ca368706cc
Update translation.md docs (#43402) 
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-10-13 13:26:23 +02:00
Alexander Schwartz
10f06e9eb7
JDBC_PING publishes its physical address on startup 
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:53:30 +01:00
Alexander Schwartz
66b9e801c1
Mark the reading of admin and user events read-only 
This should decrease the memory usage and improve response times

Closes #43365

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:46:38 +02:00
Peter Zaoral
f67dd98dd4
Fix sdjwt tests: make all string-byte conversions explicit (UTF-8) (#43288) 
* this unifies behaviour prior to JDK18 on Windows platform

Closes #43264

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-13 08:37:52 +02:00
burnedoutman
5c132b34da
The fix will separate the option description from the link in the Referrer Policy settings 
Closes #43061

Signed-off-by: burnedoutman <97279475+burnedoutman@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 15:45:50 -04:00
vramik
815d2d14d4 Check FGAP enabled before proceeding with evaluation 
Closes #43331

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-10 15:44:01 -03:00
Jon Koops
5cbba8f984
Automatically dispose of realms created by createTestBed() (#43299) 
Closes #43298

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-10-10 10:22:21 -04:00
Alexander Schwartz
934ac48a54
Rework formatting for release notes 
Closes #43320

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 07:42:53 -03:00
mposolda
c2e49c8c59 'Service accounts roles' should be 'Service account roles' 
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 11:25:37 +02:00
rmartinc
a19f4d00fc Throw and catch UnsupportedOperationException to fix XPathAttributeMapperTest 
Closes #43262

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-10 09:39:47 +02:00
Giuseppe Graziano
0bfb9079f2 Reject search for not allowed client attributes 
Closes #42541

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-10 09:37:40 +02:00
Weblate (bot)
00f372fa32
Translations update from Hosted Weblate (#43150) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>

* Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Translated using Weblate (Russian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ru/

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-10-10 09:32:22 +02:00
mposolda
76d271bf00 openid-connect flow is missing response type on language change 
closes #41292

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 08:38:32 +02:00
Alexander Schwartz
17fb20c58d
Prevent using JTA transaction when initializing JDBC_PING 
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-09 23:09:36 +02:00
Pedro Ruivo
48f1978531
Update docs to include PostgreSQL SSL certificate 
Closes #43311

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-09 15:02:53 +02:00
mposolda
0100ac6d6e Security Defenses realm settings lost when switching between Headers and Brute Force Detection tabs 
closes #42676

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-09 13:31:27 +02:00
Pedro Igor
faa0ccbb7d Automatically redirect based on login hint 
Closes #42715

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-08 14:43:32 -03:00
Alexander Schwartz
94d428d450
Adding attributes for section links so they work in upstream and downstream 
Closes #43286

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-08 11:37:13 -03:00
Steve Hawkins
6f36a02ffe fix: retaining user creation timestamp when importing 
closes: #43195

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 11:36:29 -03:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
Thomas Darimont
85afd62452
Use correct error response for missing assertions in Signed JWT Validation 
* Ensure conformance for Signed JWT Validation (#43269)

This re-adds the explicit client assertion parameter validation to produce the correct error responses required by RFC7523.
See: https://www.rfc-editor.org/rfc/rfc7523.html#section-3.2

The refactoring for the support for Federated JWT Client authentication broke the OIDF conformance tests for https://www.rfc-editor.org/rfc/rfc7523.html.

Fixes #43269
Fixes #43270

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Ensure conformance for Signed JWT Validation (#43269)

Add additional tests for ClientAuthSignedJWTTest.

Fixes #43269

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-10-08 11:01:13 +02:00
Ryan Emerson
12ae8b7cc9
CI pipeline breaks when there are no tags for a release branch yet 
Closes #43057

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-08 09:26:58 +02:00
Steven Hawkins
817c78f0d9
fix: adds error handling for common redirect codes (#43276) 
closes: #31401

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 08:55:07 +02:00
Steven Hawkins
a74c178195
fix: making picocli ansi handling match quarkus (#43268) 
closes: #42446

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 08:51:09 +02:00
rmartinc
5732946388 Add ECDSA as a valid key type that should return EC public key 
Closes #42588

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 19:41:27 +02:00
rmartinc
9f9f5ae97a Ensure events are fully filled before success is called 
Closes #42914

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 17:06:26 +02:00
Alexander Schwartz
8d79bb082c Show if integer is required 
Closes #43202

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-07 12:01:17 -03:00
rmartinc
94a4e062f7 Add a debug statement when the KeycloakFipsSecurityProvider is created 
Closes #43015

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:59:22 +02:00
rmartinc
4476b44482 Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint 
Closes #43218

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:49:08 +02:00
Pedro Igor
54289f0130
Lowercase username and email when fetching values from LDAP object 
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 14:14:50 +00:00
Stian Thorgersen
ab7939f33a
Add support for spiffe_refresh_hint to Spiffe Identity Provider (#43242) 
Closes #42806

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-07 14:00:46 +02:00
rmartinc
9546fca45e Convert the wizard to create client in progressive to validate every step 
Closes #42971

Signed-off-by: rmartinc <rmartinc@redhat.com>

lala
 2025-10-07 13:01:00 +02:00
Martin Kanis
a493213ad4
Hide read-only email attribute in update profile context with update … …email enabled (#43024) 
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 12:52:55 +02:00
sashyo
8dd7437e90
feat(timer-provider): expose scheduled tasks and start time (#43107) 
update to return task name and taskcontext and using keycloak time over instant



fix naming

Signed-off-by: Sasha Le <iamsasha.le@gmail.com>
 2025-10-07 07:56:38 +00:00
Steven Hawkins
7bfc33fd5f
fix: auto-defaulting log console color (#42669) 
closes: #42445

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-06 17:14:30 +00:00
Lukas Hanusovsky
abcc5d418f
Move ConcurrentLoginTest.java to the new testsuite (#43090) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-10-06 15:00:19 +00:00
Šimon Vacek
ae7c2d29e8
[Test Framework] Ability to run Keycloak test server with HTTPS (#42616) 
* Ability to run Keycloak test server with HTTPS

Closes: #34486

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/CoreTestFrameworkExtension.java
#	test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/CoreTestFrameworkExtension.java

* PR review fixes

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Split keystore into truststore and keystore

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-10-06 12:56:51 +02:00
dependabot[bot]
54e8c87860 Bump snyk/actions 
Bumps [snyk/actions](https://github.com/snyk/actions) from e2221410bff24446ba09102212d8bc75a567237d to de2dda699bf7276d103ed6a72a5bc5a1871ad658.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](e2221410bf...de2dda699b)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-version: de2dda699bf7276d103ed6a72a5bc5a1871ad658
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 17:45:58 -03:00
dependabot[bot]
a37887e557 Bump @types/node from 24.6.1 to 24.6.2 in /js 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.6.1 to 24.6.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.6.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 17:45:20 -03:00
dependabot[bot]
0698a4f20b Bump github/codeql-action from 3.30.5 to 3.30.6 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.5 to 3.30.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3599b3baa1...64d10c1313)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-03 17:23:39 -03:00
Pedro Igor
4f55b9b6bd
Filter invalid resources and scopes when processing entries from the cache 
Closes #42907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-03 19:25:57 +02:00
Lukas Hanusovsky
64ffb3a83f
[Test Migration] New testsuites: Clusterless, Multisite, VolatileSessions, migrated test: SessionTest 
Closes #35391
Closes #35393
Closes #42619

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-10-03 19:23:15 +02:00
Stian Thorgersen
3de1613251
Remove sync labels workflow as the bot is now doing this (#43178) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-03 07:34:03 +02:00
Ryan Emerson
5cb0562fd2
Prevent users configuring max-count=-1 for caches with a default upper-bound 
Closes #33146

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-02 19:58:28 +00:00
Pedro Ruivo
4f24f93b85
Restarting an user session broken for persistent sessions 
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-02 21:29:04 +02:00
Václav Muzikář
f7803ae041
Update minikube (#43069) 
Closes #43075

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-10-02 14:46:34 -03:00
dependabot[bot]
908f9d8ffb Bump vite from 7.1.6 to 7.1.7 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.6 to 7.1.7.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.7/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-02 10:28:52 -03:00
dependabot[bot]
3c03ef3735 Bump @eslint/js from 9.35.0 to 9.36.0 in /js 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.35.0 to 9.36.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.36.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-02 10:27:28 -03:00
dependabot[bot]
e1bd894787 Bump eslint-plugin-react-hooks from 5.2.0 to 6.1.0 in /js 
Bumps [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) from 5.2.0 to 6.1.0.
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/packages/eslint-plugin-react-hooks/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/HEAD/packages/eslint-plugin-react-hooks)

---
updated-dependencies:
- dependency-name: eslint-plugin-react-hooks
  dependency-version: 6.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-02 10:25:48 -03:00
Pedro Igor
37577cde14 Make sure the component state is updated when invoking sync on user storage providers 
Make sure periodic tasks are cancelled if the provider is disabled or import users is disabled

Closes #42470

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-02 10:22:50 -03:00
dependabot[bot]
ea6eb43023 Bump docker/login-action from 3.5.0 to 3.6.0 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](184bdaa072...5e57cd1181)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-02 07:06:03 -03:00
Pedro Ruivo
c1f108297e
Update Grafana dashboard version 
Closes #43148

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-02 10:18:35 +02:00
Martin Bartoš
70a9a600de
ExternalLinksTest is broken due to missing path parameters 
Closes #43082

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-02 10:15:58 +02:00
dependabot[bot]
c8f037385a
Bump @testing-library/jest-dom from 6.9.0 to 6.9.1 in /js (#43140) 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.9.0 to 6.9.1.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v6.9.0...v6.9.1)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.9.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 08:20:05 +02:00
dependabot[bot]
f4fa37e1a5
Bump mocha from 11.7.3 to 11.7.4 in /js (#43141) 
Bumps [mocha](https://github.com/mochajs/mocha) from 11.7.3 to 11.7.4.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v11.7.3...v11.7.4)

---
updated-dependencies:
- dependency-name: mocha
  dependency-version: 11.7.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 08:19:56 +02:00
dependabot[bot]
0bf34d3d65
Bump i18next from 25.5.2 to 25.5.3 in /js (#43142) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.5.2 to 25.5.3.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.5.2...v25.5.3)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 08:18:51 +02:00
dependabot[bot]
45ffef5c96 Bump github/codeql-action from 3.30.3 to 3.30.5 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.3 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](192325c861...3599b3baa1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:11:00 -03:00
dependabot[bot]
f951cf7798 Bump lint-staged from 16.2.0 to 16.2.3 in /js 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 16.2.0 to 16.2.3.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.2.0...v16.2.3)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:10:36 -03:00
dependabot[bot]
a9556f0325 Bump react-i18next from 15.7.3 to 16.0.0 in /js 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.7.3 to 16.0.0.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v15.7.3...v16.0.0)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 16.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:10:09 -03:00
dependabot[bot]
43e97ac4c9 Bump cross-env from 10.0.0 to 10.1.0 in /js 
Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 10.0.0 to 10.1.0.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kentcdodds/cross-env/compare/v10.0.0...v10.1.0)

---
updated-dependencies:
- dependency-name: cross-env
  dependency-version: 10.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:09:16 -03:00
dependabot[bot]
055477a076 Bump @testing-library/jest-dom from 6.8.0 to 6.9.0 in /js 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.8.0 to 6.9.0.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v6.8.0...v6.9.0)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:08:55 -03:00
dependabot[bot]
038c59d728 Bump mocha from 11.7.2 to 11.7.3 in /js 
Bumps [mocha](https://github.com/mochajs/mocha) from 11.7.2 to 11.7.3.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v11.7.2...v11.7.3)

---
updated-dependencies:
- dependency-name: mocha
  dependency-version: 11.7.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:08:37 -03:00
dependabot[bot]
b4dfdc94c2 Bump @types/node from 24.5.2 to 24.6.1 in /js 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.5.2 to 24.6.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.6.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-01 16:08:13 -03:00
Weblate (bot)
95916e0a04
Translations update from Hosted Weblate (#43004) 
* Updated translation for German

Language: de

Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Gustav Reiz <gustav.reiz@elementlogic.se>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Gustav Reiz <gustav.reiz@elementlogic.se>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Translated using Weblate (Romanian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ro/

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Translated using Weblate (Romanian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ro/

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>

* Updated translation for Catalan

Language: ca

Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Dutch

Language: nl

Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Slovenian

Language: sl

Updated translation for Slovenian

Language: sl

Updated translation for Slovenian

Language: sl

Updated translation for Slovenian

Language: sl

Co-authored-by: David Karlaš <david.karlas@gmail.com>
Co-authored-by: Garvin <garment5620@users.noreply.hosted.weblate.org>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: David Karlaš <david.karlas@gmail.com>
Signed-off-by: Garvin <garment5620@users.noreply.hosted.weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Gustav Reiz <gustav.reiz@elementlogic.se>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: David Karlaš <david.karlas@gmail.com>
Signed-off-by: Garvin <garment5620@users.noreply.hosted.weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Gustav Reiz <gustav.reiz@elementlogic.se>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: David Karlaš <david.karlas@gmail.com>
Co-authored-by: Garvin <garment5620@users.noreply.hosted.weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-10-01 16:49:38 +02:00
Erasure5959
3d9eb434b8
Disable Secure Client-Initiated Renegotiation by default 
The parameter  -Djdk.tls.rejectClientInitiatedRenegotiation=true disables Secure Client-Initiated Renegotiation in Keycloak to resolve a potential DoS vulnerability. Note this is applicable only to TLS 1.2.

Closes #43020

Signed-off-by: Erasure5959 <154384607+Erasure5959@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-01 14:35:29 +00:00
Stian Thorgersen
1b789f1703
Sync kind/* labels from issue types automatically 
Closes #43111

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-01 14:28:21 +02:00
Alexander Schwartz
f80c2b4db9
Make API endpoint linkable in REST documentation 
Closes #42835

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-01 10:37:27 +02:00
Alexander Schwartz
a81584fc63
Fix question marks when deleting groups (#43081) 
Closes #43080

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-01 10:07:53 +02:00
Alexander Schwartz
6b615650ec
Moving section to the correct place 
Closes #43104

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-01 09:53:04 +02:00
Stian Thorgersen
346b1821c3
Add type to issue templates (#43051) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-01 07:11:14 +02:00
vramik
03052e79b9 Fix scope interference 
Closes #40965

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-30 09:20:22 -03:00
Martin Kanis
6e89bd72a9 Update email page with pending verification email messages prefilled with old email 
Closes #43070

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-30 09:19:33 -03:00
Václav Muzikář
367fbdb78f
Remove a link to Docker web from the docs 
Closes #43072

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-30 11:35:15 +00:00
rmartinc
e256513ceb Do not remove sid claim when the session is transient only for the client 
Closes #42565

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-30 12:08:43 +02:00
Thomas Darimont
8780bc22b4
Fix NPE in FederatedJWTClientAuthenticator (#43042) (#43043) 
Add additional null guard before the check for supported assertation types.

Fixes #43042

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-09-30 10:31:33 +02:00
Stian Thorgersen
9dd6876901
Fix javadocs missing antlr dependency (#43055) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-09-30 09:29:49 +02:00
Alexander Schwartz
37c808bd11
Reorder the release notes (#43026) 
* Reorder the release notes

Closes #42994

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Update docs/documentation/release_notes/topics/26_4_0.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Update docs/documentation/release_notes/topics/26_4_0.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-09-30 06:47:55 +00:00
Pedro Igor
a3db07a8f5
Re-adding max age setting to the update email action (#43036) 
Closes #43035

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-30 05:31:23 +02:00
Stefan Guilhen
7f29c9bb88 Improve workflow logging messages 
- every execution gets its own id that can be used to track all activities related to that particular workflow execution

Closes #42952

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-29 23:10:21 -03:00
Alexander Schwartz
7bcf08fa31
Adding AWS reference to the documentation 
Closes #43032

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-29 22:28:53 +02:00
Vít Zikmund
896f147075
docs: Use BASH TCP redirect for HEALTHCHECK (#38131) 
* docs: Use BASH TCP redirect for HEALTHCHECK

Add a BASH script to perform an in-container healtcheck.

For the curious, here's how this works:

1. For the code within braces, a TCP connection is made to the keycloak's management port and a successful connection is redirected in the read-write fashion to the descriptor 0 (stdin).
   - When bash fails to connect (TCP RST), it ends up with an error right away.
   - When the connection is hanging (no reply till TCP retry timeout, usually about 1 minute), it just hangs, virtually being a subject to the HEALTHCHECK's timeout (which should be definitely smaller than the usual TCP retry timeout).
2. Then a simple hand-crafted HTTP HEAD request is sent to the socket using printf. This is supposed to always succeed, unless the send buffer of the socket is set ridiculously small on the target OS. In the other case it will just hang again, not being able to push all the bytes through, until that eventually happens or times out.
3. Next, the eventual response is being checked with grep to be the successful one. Only at this time it's return code (and the final) is 0.
   - When no response comes, it's hanging forever and is subject to timeout.
   - When a 503 response comes, grep doesn't match anything and returns 1.

Closes: #38126

Signed-off-by: Vit Zikmund <vit.zikmund@themama.ai>

* expanding bash healthcheck for scenarios that enable http health checks

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/observability/health.adoc

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* Update docs/guides/observability/health.adoc

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* Update docs/guides/observability/health.adoc

Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Vit Zikmund <vit.zikmund@themama.ai>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-29 18:04:02 +02:00
Pedro Igor
d6da849206 Introducing a EMAL_PENDING user attribute to set the email pending verification 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-29 12:41:41 -03:00
Martin Kanis
88eea73cdc Introduce pending email verification message for UPDATE_EMAIL 
Closes #42770

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-29 12:41:41 -03:00
Pedro Ruivo
53007546ad
Deprecate AuthenticatedClientSessionModel timestamp 
Closes #42815

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-29 14:16:39 +00:00
Martin Kanis
0baeff171a
Username containing a '#' is truncated in Admin Console when hiding inherited roles (#42950) 
Closes #42949

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-29 07:51:36 -04:00
rmartinc
a44758d4ae Upgrade bc-fips testing and documentation to 2.1.2 
Closes #42958

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-29 09:04:43 +02:00
Takashi Norimatsu
1649f8c847
Follow-up: FAPI 2.0 Message Signing final version support - updating the link to the final spec 
closes #42499

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-29 08:52:27 +02:00
Stian Thorgersen
dbd516f8e6
Refactor SimpleHttp to make it injectable and usable outside server (#42936) 
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-29 08:37:05 +02:00
Václav Muzikář
97ab82e483
Mark Azure SQL as supported (#42985) 
Closes #42743

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-29 08:31:08 +02:00
Martin Bartoš
f53e5ebdac
[Docs] Additional datasources support (#42655) 
* [Docs] Additional datasources support

Closes #40388

Closes #42263

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Rename namedKey to wildcardKey in the code

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Clarify the defaults for DB kind

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Be more clear about the Named key reference in guide

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Vasek's review

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-09-27 08:45:12 +00:00
Pedro Igor
6e851ce80e Only filter default organization related scopes based on dynamic scope format 
Closes #42877

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-26 16:28:12 -03:00
Stan Silvert
b68284f6c1 Fix deletion messages for workflows. 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-26 16:09:45 -03:00
Stan Silvert
f39735da06 Initial impl of workflows in admin UI 
Closes #42834

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-26 14:55:46 -03:00
Stefan Guilhen
ab7daf7fac Add validation to workflow update so that only changes to the name and enabled flag are allowed for now 
Closes #42916

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-26 14:51:05 -03:00
Václav Muzikář
b65a60e40d
Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00
Pedro Ruivo
746a8211ff
Update documentation to prefer CacheCR in multi-site 
Closes #42980

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-26 11:06:28 +00:00
Stefan Guilhen
7e28d13e76 Add workflow condition that uses boolean expressions to combine and negate conditions 
Closes #42583

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-26 07:52:12 -03:00
Weblate (bot)
eca9246afc
Translations update from Hosted Weblate (#42773) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Translated using Weblate (Romanian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ro/

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Updated translation for Romanian

Language: ro

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>

* Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jordi Mallach <jordi@mallach.net>

* Translated using Weblate (Italian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/it/

Updated translation for Italian

Language: it

Updated translation for Italian

Language: it

Updated translation for Italian

Language: it

Updated translation for Italian

Language: it

Updated translation for Italian

Language: it

Translated using Weblate (Italian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/it/

Updated translation for Italian

Language: it

Updated translation for Italian

Language: it

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: EdoardoTona <tona.edoardo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: EdoardoTona <tona.edoardo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Slovenian

Language: sl

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Matej <mmulej@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Matej <mmulej@gmail.com>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Update translation files

Updated by "Remove blank strings" hook in Weblate.

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

* Updated translation for Greek

Language: el

Updated translation for Greek

Language: el

Updated translation for Greek

Language: el

Updated translation for Greek

Language: el

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: EdoardoTona <tona.edoardo@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Matej <mmulej@gmail.com>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Co-authored-by: EdoardoTona <tona.edoardo@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Matej <mmulej@gmail.com>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-09-26 10:34:19 +02:00
dependabot[bot]
d96e01abf8 Bump @types/node from 24.3.1 to 24.5.2 in /js 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.3.1 to 24.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 14:37:42 -03:00
vramik
80453bdbfb Allow defining steps in a workflow that can run immediate or scheduled 
Closes #42888

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-25 14:37:22 -03:00
dependabot[bot]
27796c5dce Bump @eslint/compat from 1.3.2 to 1.4.0 in /js 
Bumps [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v1.4.0/packages/compat)

---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 1.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 14:37:13 -03:00
dependabot[bot]
2ae84362ab Bump actions/cache from 4.2.4 to 4.3.0 
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](0400d5f644...0057852bfa)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 13:54:50 -03:00
dependabot[bot]
e0e5afc8be Bump @playwright/test from 1.55.0 to 1.55.1 in /js 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.55.0 to 1.55.1.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.55.0...v1.55.1)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.55.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 13:54:30 -03:00
dependabot[bot]
56728a6979 Bump react-hook-form from 7.62.0 to 7.63.0 in /js 
Bumps [react-hook-form](https://github.com/react-hook-form/react-hook-form) from 7.62.0 to 7.63.0.
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/react-hook-form/react-hook-form/compare/v7.62.0...v7.63.0)

---
updated-dependencies:
- dependency-name: react-hook-form
  dependency-version: 7.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 13:51:47 -03:00
dependabot[bot]
4566a8252d Bump lint-staged from 16.1.6 to 16.2.0 in /js 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 16.1.6 to 16.2.0.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.6...v16.2.0)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 13:03:34 -03:00
dependabot[bot]
0d9004f1b9 Bump @noble/hashes from 2.0.0 to 2.0.1 in /js 
Bumps [@noble/hashes](https://github.com/paulmillr/noble-hashes) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/paulmillr/noble-hashes/releases)
- [Commits](https://github.com/paulmillr/noble-hashes/compare/2.0.0...2.0.1)

---
updated-dependencies:
- dependency-name: "@noble/hashes"
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 13:03:14 -03:00
dependabot[bot]
7dca8f8946 Bump rollup from 4.50.2 to 4.52.2 in /js 
Bumps [rollup](https://github.com/rollup/rollup) from 4.50.2 to 4.52.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.50.2...v4.52.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.52.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 13:02:13 -03:00
dependabot[bot]
936c602362 Bump eslint from 9.35.0 to 9.36.0 in /js 
Bumps [eslint](https://github.com/eslint/eslint) from 9.35.0 to 9.36.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.35.0...v9.36.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-25 12:55:48 -03:00
Martin Bartoš
e511e6c538
Use JDK 25 Temurin in GHA CI (#42857) 
Closes #42955

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-25 17:49:29 +02:00
Martin Bartoš
1e240c110a
Upgrade to Quarkus 3.27 LTS (#42954) 
Closes #42203

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-25 17:42:12 +02:00
forkimenjeckayang
29bee21683
[OID4VCI] Fix authorization_details generation and credential identifier mapping for conformance tests (#42819) 
Closes: #42818

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-25 13:56:30 +02:00
Pedro Ruivo
56c1823082
Document Caffeine cache metrics 
Closes #42705

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-25 12:55:31 +02:00
Sebastian Łaskawiec
a1c66829db
Kubernetes Signed JWT Authenticator UI (#42853) 
* Kubernetes Signed JWT Authenticator UI

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>

* Test and lint fix

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>

* Optimized imports

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-09-25 12:15:00 +02:00
rmartinc
83994c4a5c Enable validate signature for SAML IdP to true when there are signing keys in the IdP metadata 
Closes #42213

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-25 10:17:13 +02:00
Vinod Anandan
f001b9dde1 Trigger Build. 
Signed-off-by: Vinod Anandan <vinod@owasp.org>
 2025-09-25 10:14:15 +02:00
Pedro Igor
05a8dc006b
Do not skip dedicated client mapper when validating dynamic scopes in authorization or token requests 
Closes #42142
Closes #42208

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-25 08:43:56 +02:00
Alexander Schwartz
a84d243d47
Avoid invalidating the realm when managing client initial access 
Closes #42922

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 21:31:32 +02:00
mposolda
bb34b80174 Update javadoc of java admin-client for Keycloak 26.4 
closes #42468

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-24 20:49:23 +02:00
mposolda
389314a65e Typo in the latest documentation 
closes #42918

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-24 17:23:52 +02:00
rmartinc
1d28c0cd35 Expose system-info information in the serverinfo endpoint only for users in the admin realm 
Closes #42828

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-24 17:21:57 +02:00
vramik
cfec364b17 Add validation of workflow steps also when adding single step to workflow 
Closes #42833

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-24 12:03:05 -03:00
Ruslan Sheremet
5cefc497fd
User session in LOGIN event (#42866) 
closes #42867 

Signed-off-by: Ruslan Sheremet <toor.ua@gmail.com>
 2025-09-24 16:30:51 +02:00
Martin Bartoš
5acec7d5fc
[PERF] InitClusterStartupTime debug messages (#42908) 
Closes #42880

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-24 16:04:03 +02:00
Steven Hawkins
87a6a3d445
perf: using resourceAsStream rather than zip (#42884) 
closes: #42882

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-24 09:22:37 -04:00
Pedro Igor
73ee2cb3e2 Update upgrade guide about changes in how the parameter is propagated to OPs 
Closes #42139

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 09:03:04 -03:00
Stian Thorgersen
9655cecf8e
Add tests to check if SPIFFE is available on login and account (#42895) 
Closes #42894

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-24 11:22:15 +02:00
Alexander Schwartz
4389bc2990
Fix duplicate label when using password history 
Closes #42736

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 11:21:59 +02:00
Alexander Schwartz
b95cb0c276
Adding explicit anchor for downstream docs 
Closes #42868

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-24 11:21:08 +02:00
Robin Meese
e0d35e7589
Add Greek translators and admin-ui properties file 
Closes: #42862

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-09-24 10:26:02 +02:00
Sunckist
5634a17cfd
Add missing Swedish translations for login theme 
Resolves #42756

Signed-off-by: Magnus Lejonlid <magnus.lejonlid@visionite.se>
Co-authored-by: Magnus Lejonlid <magnus.lejonlid@visionite.se>
 2025-09-24 10:03:26 +02:00
Marek Posolda
e09ce9e18d
Documentation update for DPoP (#42865) 
closes #42728


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-24 10:00:23 +02:00
Lukas Hanusovsky
33c6e07c08 Move ClientScopeEvaluateTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-24 09:48:06 +02:00
Lukas Hanusovsky
1088731e4f Moving files to the new test suite 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-24 09:48:06 +02:00
Pedro Igor
1948e5baf3 Prevent empty usernames and allow restarting the login 
Closes #42837
Closes #42409

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:07:03 -03:00
Pedro Igor
41b64c91aa Do not update email if there is no email from the IdP 
Closes #42390

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:05:05 -03:00
Pedro Igor
fe8fce859d Improve the Workflow JSON schema 
Closes #42697

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:04:44 -03:00
Pedro Igor
54d2451b35 Make user read-only and a proper error message when the user federation provider is not available 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Pedro Igor
d65c17ebc7 Do not fail when querying user federation providers and log messages to indicate the problem 
Closes #42276

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Giuseppe Graziano
e4114e6c74 Promote DPoP feature to supported by default 
Closes #42032

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-24 08:26:09 +02:00
Peter Skopek
14e4e1aed2
Enable branding without code changes (#34246) 
closes #34244

Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-09-24 07:25:40 +02:00
rmartinc
c05b84a0d2 Ignore external links to https://www.npmjs.com/package 
Closes #42856

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-23 12:36:46 +02:00
Alexander Schwartz
5c7482c541
Fixed WebAuthn spelling in message resources 
Closes #42786

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-23 07:33:29 -03:00
Alexander Schwartz
a9ed355bfc
Adding missing time column to index 
Closes #42792

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-23 07:33:08 -03:00
vramik
23043b40b4 Fix reset-password scope documentation and upgrading guide 
Closes #42790

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-23 07:31:35 -03:00
Ryan Emerson
93ede306f5
Refine high-availability guide wording 
Closes #42869

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-23 10:14:49 +00:00
Lukas Hanusovsky
d478162401
Old Testsuite - admin package cleanup, abstract classes refactor. (#42656) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-23 11:45:50 +02:00
Jon Koops
0610c5bce8
Fail Rollup build on unresolved imports 
Closes #42850

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-09-23 07:52:38 +00:00
Stefan Wiedemann
83cfd4a3e2
[OID4VCI] filter for asymmetric keys (#42758) 
Closes #42755

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2025-09-23 09:37:25 +02:00
Stian Thorgersen
d301ace334
Update teams.yml (#42854) 
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
 2025-09-23 09:23:52 +02:00
Alexander Schwartz
35fc28882f
Renaming new package name for SHA256 
Closes #42765

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-23 08:40:18 +02:00
Giuseppe Graziano
bb9c9ac1e3 Dpop binding only for refresh token 
Closes #26277

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-23 08:10:29 +02:00
Martin Kanis
a718c988af The new email is mandatory error for update profile action with enabled update email 
Closes #42737

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-22 22:18:28 -03:00
Stian Thorgersen
f72482bfd2
Experimental Kube service accounts identity provider 
Closes #37600

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-09-23 00:11:24 +02:00
Steven Hawkins
e789e3213f
fix: limiting what fields are hashed to identify compatible update jobs (#42623) 
closes: #41014

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-22 19:03:06 +02:00
rmartinc
2015e08e38 Move DPoP option to the capability section in the admin UI 
Closes #42746

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 17:27:48 +02:00
rmartinc
f560ea8f29 Allow EdDSA keys in JWTClientCredentialsProvider 
Closes #42751

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 13:53:19 +02:00
Šimon Vacek
d57be09f1d
Fix problem with CredentialRequest#setFormat() (#42820) 
* fix main branch

fixes: #42622

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* remove CredentialRequest#setFormat() from tests

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-09-22 13:23:56 +02:00
forkimenjeckayang
8ad6427123
[OID4VC]: Update authorization_details for OID4VCI draft-16 compliance (#42622) 
Closes #41586

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-22 10:19:24 +02:00
Awambeng Rodrick
f6627f99b2 chore(oid4vc): Remove format parameter from CredentialRequest 
Closes #42677

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-22 10:14:56 +02:00
mposolda
201ea6d19c Missing switch 'ID Token as detached signature' in the admin console client settings 
closes #42769

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-22 09:42:26 +02:00
rmartinc
6ae2c4ae30 Place EdECUtilsImpl.java in the normal source folder 
Closes #42716

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 08:08:19 +02:00
mposolda
45fa5edbbb Possibility to enforce authorization code binding to DPoP 
closes #42740

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-20 10:22:32 +02:00
Pedro Ruivo
47f85631f3
Automatically create external caches for MULTI_SITE deployments 
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 18:56:38 +02:00
dependabot[bot]
b859c2a6f0 Bump vite from 7.1.5 to 7.1.6 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.5 to 7.1.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-19 12:37:17 -03:00
Ryan Emerson
bda79de605
Update docs to reflect that Operator ClusterRoleBinding contains hardcoded namespace 
- Added missing labels to Operator roles

Closes #42678

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-19 17:27:26 +02:00
Pedro Ruivo
f9ec39bc5f
Update tested load numbers 
Closes #42757

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-19 15:42:17 +02:00
dependabot[bot]
2789d62e3a Bump github/codeql-action from 3.30.0 to 3.30.3 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.30.0...192325c86100d080feab897ff886c34abd4c83a3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-19 08:32:32 -03:00
stianst
fb83a8ba09 Documentation for federated client authentication 
Closes #42721

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-19 11:54:03 +01:00
Pedro Ruivo
4ccf7407ed
Lazy load client sessions 
Closes #42628

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 10:45:11 +00:00
Ayke Halder
0635bb68eb
Allow target attribute for anchor tags in html-sanitizer 
* Allow target attribute for anchor tags in html-sanitizer

Signed-off-by: Ayke Halder <rr-it@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-19 09:53:11 +00:00
Stian Thorgersen
3841fea16d
Promote CLIENT_AUTH_FEDERATED and SPIFFE features to preview (#42753) 
Closes #42722

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-09-19 09:46:37 +00:00
Alexander Schwartz
ff04897d06
Fixing the build 
Closes #42752

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-19 08:22:11 +00:00
forkimenjeckayang
f3bd3dcd2e
[OID4VCI] Extend realm UI configuration by OID4VCI attributes (#41757) 
* Extend realm UI configuration by OID4VCI attributes

Closes #39533

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: adjust tests in oid4vci-attributes.spec.ts based on feature availability

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: directly check OID4VCI feature from server info in tests before running

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: address comment(s) by @IngridPuppet

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: skip tests when oid4vci feature is not enabled

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: move oid4vc realm attributes setting to token tab

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: refactor tokens tab and restructure oid4vci attributes tests

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: apply review comments by @jonkoops

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: refactored tests to use createTestBed()

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: apply changes by @jonkoops

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: address review comments

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: change test format

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: enable oid4vc feature in worfklows

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* Update .github/workflows/stability-js-ci.yml

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: forkimenjeckayang <104195313+forkimenjeckayang@users.noreply.github.com>

* fix: included required fields in tokens.ts as fix for CI tests

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

* update: address more review comments

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>

---------

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: forkimenjeckayang <104195313+forkimenjeckayang@users.noreply.github.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2025-09-18 13:30:34 -04:00
dependabot[bot]
1abddbf64c
Bump @vitejs/plugin-react-swc from 4.0.1 to 4.1.0 in /js (#42713) 
Bumps [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react-swc) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/v4.1.0/packages/plugin-react-swc)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react-swc"
  dependency-version: 4.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-18 13:20:02 -04:00
Steven Hawkins
327e9a9207
fix: adding supported database versions (#42562) 
closes: #42294

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-18 17:34:20 +02:00
Martin Kanis
7ae9ebb467 [RLM] Allow adding and removing actions to existing policies 
Closes #42384

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-18 12:13:13 -03:00
Vlasta Ramik
44b4235b50
Validation for immediate workflows 
Closes #42382

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-18 14:51:04 +02:00
Pedro Igor
c1fdbb0be4
Better names for workflow events 
Closes #42389

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-18 14:50:45 +02:00
Alexander Schwartz
15223f298f
Exclude invalid JavaScript files from CodeQL 
Closes #42664

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-18 09:18:06 -03:00
Martin Bartoš
1b7709bfa2
Test JDK 25 in CI (#42447) 
Closes #42733

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-18 12:13:45 +00:00
mposolda
f5c71e3e55 Incorrect scheme in the WWW-Authenticate when Authorization: DPoP used 
closes #42706

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-18 12:22:00 +02:00
Stian Thorgersen
37a99154a5
Refactor and improve tests for federated client authentication (#42720) 
Closes #42718

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-18 09:30:01 +00:00
Guido Grazioli
2d34ebe33e
federation-sssd-setup add ifp section 
Closes #42726

Signed-off-by: Guido Grazioli <ggraziol@redhat.com>
 2025-09-18 09:09:52 +00:00
Stan Silvert
f99c91291c
Remove duplicated themes documentation. (#42571) 
* Remove duplicated themes documentation.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Move Theme SPI documentation to Themes Guide

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix link so test will pass.

Fixes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken links.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken link.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-18 10:31:52 +02:00
dependabot[bot]
716aed8b00 Bump tar-fs from 3.1.0 to 3.1.1 in /js 
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 3.1.0 to 3.1.1.
- [Commits](https://github.com/mafintosh/tar-fs/compare/v3.1.0...v3.1.1)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 17:30:10 -03:00
dependabot[bot]
e0e5bd9af2 Bump p-debounce from 4.0.0 to 5.0.0 in /js 
Bumps [p-debounce](https://github.com/sindresorhus/p-debounce) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/sindresorhus/p-debounce/releases)
- [Commits](https://github.com/sindresorhus/p-debounce/compare/v4.0.0...v5.0.0)

---
updated-dependencies:
- dependency-name: p-debounce
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 17:29:34 -03:00
dependabot[bot]
52c0fefbd1 Bump jsdom from 26.1.0 to 27.0.0 in /js 
Bumps [jsdom](https://github.com/jsdom/jsdom) from 26.1.0 to 27.0.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/26.1.0...27.0.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 27.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 17:29:14 -03:00
dependabot[bot]
50e641b1ca Bump fs-extra from 11.3.1 to 11.3.2 in /js 
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra) from 11.3.1 to 11.3.2.
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/11.3.1...11.3.2)

---
updated-dependencies:
- dependency-name: fs-extra
  dependency-version: 11.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 17:28:55 -03:00
dependabot[bot]
0e2c6ff545 Bump rollup from 4.50.1 to 4.50.2 in /js 
Bumps [rollup](https://github.com/rollup/rollup) from 4.50.1 to 4.50.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.50.1...v4.50.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.50.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 17:28:27 -03:00
Stian Thorgersen
3a33a2ecbf
Add metrics to alternative lookup cache (#42689) 
Closes #42688

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-17 17:52:38 +00:00
Steven Hawkins
373257a5d0
fix: improving the local apiserver test cleanup (#42701) 
closes: #42693

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-17 19:01:13 +02:00
Ryan Emerson
aa8321b837
Update 26.4 release notes to refer to old multi-site architecture 
Closes #42702

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-17 17:56:24 +02:00
dependabot[bot]
fec4d0463d Bump commander from 14.0.0 to 14.0.1 in /js 
Bumps [commander](https://github.com/tj/commander.js) from 14.0.0 to 14.0.1.
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tj/commander.js/compare/v14.0.0...v14.0.1)

---
updated-dependencies:
- dependency-name: commander
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-17 11:40:41 -03:00
Weblate (bot)
221850a4a5
Translations update from Hosted Weblate (#42539) 
* Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Catalan

Language: ca

Co-authored-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Dutch

Language: nl

Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-09-17 16:38:13 +02:00
Pedro Igor
39222e8ca5
Validate actions that support aggregating actions (#42624) 
Closes #42381

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-17 14:15:10 +02:00
Stian Thorgersen
34c9b47414
Update issue templates (#42612) 
* Update issue templates

Closes #42611

Signed-off-by: stianst <stianst@gmail.com>

* Update .github/ISSUE_TEMPLATE/milestone.yml

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
 2025-09-17 13:58:53 +02:00
Alexander Schwartz
b918270a3a
Adding CodeQL for GitHub Actions 
Closes #42661

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-17 08:46:39 -03:00
Stian Thorgersen
f9ee040ef0
Add federated subject configuration option to federated-jwt authenticator (#42610) 
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-17 13:39:50 +02:00
Pedro Ruivo
f7ff7e55d8
Replace UUID with composite key for client session cache 
Closes #42547

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-17 10:25:51 +00:00
Lukas Hanusovsky
d9b4bd047f
[Keycloak Test Framework] Infinispan cache + ClusterlessTestSuite configuration (#42172) 
* [Keycloak Test Framework] Infinispan server + ClusterlessTestSuite and MultisiteTestSuite configuration

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Utilise ClientIntelligence.BASIC to ensure that internal docker IPs
never used by Infinispan client

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Code refactoring + properties utility

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-09-17 07:13:11 +00:00
Alexander Schwartz
63538629db
Stabilizing test by waiting for the response 
Closes #42650

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-16 14:20:13 -03:00
Ryan Emerson
0c5b6398a9
Document Operator ServiceMonitor generation in release notes 
Closes #42642

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-16 18:04:58 +02:00
Pedro Ruivo
f1bd42116e
NullPointerException when persisting a client session 
Fixes #42652

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-16 17:49:36 +02:00
Marek Posolda
d9d19791a4
Clarifying OIDC logout documentation. Removing obsolete unused docs p… (#42636) 
closes #41792


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-16 17:37:42 +02:00
Steven Hawkins
e9bf3bc2f8
fix: updating docs related to the number of executor threads 
closes: #39342

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-16 17:02:15 +02:00
Giuseppe Graziano
fd7f5351ad Client Authenticator configurable per client 
Closes #42044

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-16 16:54:39 +02:00
Steven Hawkins
26597c2d9a
fix: adding docs about mTLS and probes (#42561) 
closes: #42191

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-16 16:30:37 +02:00
Steven Hawkins
6b6cefd827
fix: aligning the elytron alt name extraction logic (#41975) 
closes: #40629

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-16 10:11:30 -04:00
vramik
d0e83cc05e Rename RLM to Workflows 
Closes #42512

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-16 08:52:50 -03:00
Ricardo Martin
a2acdda535
Automatic download and cache of the SAML client public keys (#41947) 
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-16 13:07:33 +02:00
MartinFMartin
3940f51cf0
Update Slovenian translations for login messages (#42637) 
Signed-off-by: MartinFMartin <139436601+MartinFMartin@users.noreply.github.com>
 2025-09-16 10:57:59 +00:00
Ryan Emerson
728118d62a
Validate wait_timeout parameter on MySQL and MariaDB 
Closes #42300

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-16 09:38:52 +00:00
Ryan Emerson
6e7a836c96
Create default ServiceMonitor with Operator 
Closes #40406

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-16 10:57:35 +02:00
Awambeng
20f9306b78
[OID4VCI] Adjust Credential Issuer Metadata endpoint, return issuer metadata at /.well-known/openid-credential-issuer/realms/{realm} (#42577) 
Closes #41589

Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-09-16 10:24:44 +02:00
rmartinc
8a94bd90f9 redirectToAuthentication if the request uses PAR to not lose the single object after a refresh 
Closes #36716

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-16 10:14:35 +02:00
andymunro
bbe2beebbb
Keycloak 26.4 Upgrading Guide 
Closes #42564

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-16 08:59:28 +02:00
Pedro Ruivo
714d71b4f5
Concurrent update embedded caches and database 
Closes #42374

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-15 18:38:03 +00:00
Alexander Schwartz
cdea7d79a7
Fix chinese language names 
Closes #42575

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-15 15:01:08 -03:00
Steven Hawkins
c7ae7185e6
fix: updating export option text (#42621) 
closes: #42011

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-15 15:25:54 +00:00
Steven Hawkins
bb7e5ab7b2
fix: cleaning up dockerfile build warnings (#42573) 
closes: #42572

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-15 17:07:27 +02:00
Pedro Igor
9eb0a3a326 Make sure refresh expiration is set together with setting the previous refresh token 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-15 10:40:19 -03:00
Matthias Peter
4774d68d4f added null check also for optional expires_in parameter 2025-09-15 10:40:19 -03:00
Matthias Peter
db4d6bb0d9 added junit tests for refreshExpiresIn fix 2025-09-15 10:40:19 -03:00
Matthias Peter
6f6419378d fixed getter setter for expiresIn comparable to refreshExpiresIn 2025-09-15 10:40:19 -03:00
pematth
0265c6c255 removed unused include 
Signed-off-by: pematth <matthiaspeter@freenet.de>
 2025-09-15 10:40:19 -03:00
pematth
d72d7a407d fix proposal for issue 41804 
Signed-off-by: pematth <matthiaspeter@freenet.de>
 2025-09-15 10:40:19 -03:00
Lukas Hanusovsky
0aff081946
Keycloak CI - Refactoring ci.yml, removing surefire reports and jvm heapdump actions (#42425) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-15 14:53:45 +02:00
forkimenjeckayang
64e0b450aa
[OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751) 
Closes #39278
Closes #39279


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2025-09-15 14:02:45 +02:00
rmartinc
605b51905c Do not regenerate the secret key when the size is not explicitly passed 
Closes #42405

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-15 13:30:35 +02:00
Ogenbertrand
d854703a21 Update key attestation header typ from keyattestation+jwt to key-attestation+jwt 
Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
 2025-09-15 09:21:51 +02:00
Ogen Bertrand
70b50e93e9
[OID4VCI] Add support for credential_request_encryption in metadat (#42169) 
closes #41594
closes #41593
closes #41592
closes #41582
closes #41595


Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
 2025-09-15 09:19:15 +02:00
Stefan Guilhen
20f5a15278 Adjust scheduled action time so that it is always based on the previous action 
Closes #42385

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-12 15:50:38 -03:00
Martin Kanis
5a02bc1adb Admin UI hides local users when LDAP provider fails 
Closes #42276

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-12 10:43:08 -03:00
Ricardo Martin
6d7191844e
Disable preview of the json file if the content is more than 100KB (#42528) 
Closes #40557

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-12 09:21:10 -04:00
Pedro Ruivo
971016f743
More efficient secure ID generator 
Closes #42283

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-12 13:52:26 +02:00
Stefan Wiedemann
232c91e6b7
Allow configuration of clientId in TargetRoleMapper again (#42377) 
closes #42375


Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2025-09-12 08:56:53 +02:00
forkimenjeckayang
66677da8f7
[OID4VC]: Update the issuer metadata for signed metadata (#42428) 
Closes #41588

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-12 08:51:56 +02:00
Ryan Emerson
73a4020baa
Remove default cache configurations from cache-local.xml 
Closes #42351

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-11 21:11:56 +02:00
dependabot[bot]
df478a8a8f Bump github/codeql-action from 3.30.1 to 3.30.3 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f1f6e5f6af...192325c861)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-11 14:27:38 -03:00
Alexander Schwartz
78ab69b0e7
Edit Keycloak 26.4 release notes 
Closes #42532

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-11 14:26:12 -03:00
Steven Hawkins
3724409c5e
fix: further refining when profile info is logged (#42483) 
closes: #42334

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-11 18:17:01 +02:00
Alexander Schwartz
6ea3c8aedf
Session IDs and auth codes should have 128 bits of entropy 
Closes #42274

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 17:05:40 +02:00
KONSTANTINOS GEORGILAKIS
b6cee86e74
Add openid scope in Allowed Client Scopes options of client registration access policies 
Closes #42339

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2025-09-11 16:04:31 +02:00
Alexander Schwartz
6a202146b4
Handle already existing user session in the store 
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 14:58:53 +02:00
andymunro
801e892be1
Edit Keycloak 26.4 release notes 
Closes #42532

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-09-11 14:17:19 +02:00
Stian Thorgersen
51465f52a3
Get client by client attribute 
Closes #42543

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-11 12:07:13 +00:00
Alexander Schwartz
d98c474cdc
Add upstream architectures for the Operator (#42099) 
Closes #38928

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 12:06:50 +02:00
Alexander Schwartz
5cfdaebcea
Add missing fields for client offline session timeout and lifespan 
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 11:46:50 +02:00
Stian Thorgersen
22cccdd1db
Update Admin UI for SPIFFE Identity Provider (#42507) 
Closes #42464

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-11 11:44:44 +02:00
Weblate (bot)
f26e487edb
Translations update from Hosted Weblate (#42395) 
* Translated using Weblate (Portuguese (Brazil))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/pt_BR/

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Translated using Weblate (Catalan)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ca/

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jordi Mallach <jordi@mallach.net>

* Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Jordi Mallach <jordi@mallach.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Jordi Mallach <jordi@mallach.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-09-10 21:41:10 +02:00
Pedro Ruivo
8567eec526
ClientSession timestamp not updated in the database 
Closes #42012

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-10 20:34:22 +02:00
Pedro Igor
f20916b632
Catch specific expeception and add logging when there is no active request context 
Closes #42525

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 16:38:15 +00:00
Steven Hawkins
ae1e1d3cc3
fix: allows for schedulings to be defined for operator jobs (#42310) 
* fix: allows for schedulings to be defined for operator jobs

closes: #42057

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/operator/advanced-configuration.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-09-10 16:28:12 +00:00
Pedro Igor
0d5dfc3eae
Add support for ad-hoc policies (#42508) 
Closes #42126

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 15:40:17 +00:00
Stefan Guilhen
371e4289c3
Add action that sets a required action for a user (#42509) 
Closes #42506

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-10 14:40:20 +00:00
Alexander Schwartz
473864a45d
Fixing the indentation of the sections 
Closes #42501

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-10 13:54:50 +02:00
Václav Muzikář
c66bc10946
Upgrade to Quarkus 3.27.0.CR1 (#42495) 
Closes #42494

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-10 08:14:38 -03:00
Vlasta Ramik
b32b612f75
Compilation error in RolePolicyConditionProvider (#42497) 
Closes #42496

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-10 09:04:49 +00:00
Takashi Norimatsu
cdced6ca0d FAPI 2.0 Message Signing Final - Add FAPI 2.0 Final message singning as default profile of client policies 
closes #41312

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-10 09:33:28 +02:00
Takashi Norimatsu
91fa1fe6b1 FAPI 2.0 Message Signing Final - Documentation 
closes #41313

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-10 09:32:23 +02:00
Stian Thorgersen
1e5d52975e
Refactor JWTValidator to allow use both for self-signed and federated client assertions (#42472) 
Closes: #42463

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-10 08:11:18 +02:00
Pedro Igor
1b17a3c9a6
Add a policy condition based on user roles (#42487) 
Closes #42117

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-10 03:23:56 +02:00
Tim M
d05c3b5a9e
Add copy functionality to out-of-band code page 
- Add clipboard copy functionality for oob code
- Use styling from official patternfly component
- Improved user experience with visual feedback on copy action

Closes #42094

Signed-off-by: Tim Menze <58325404+TimMnz09@users.noreply.github.com>
 2025-09-09 22:04:23 +00:00
Ricardo Martin
93791f67fb
Add User_agent header for documentation links checker 
Closes #42164

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-09 21:02:42 +00:00
Arnold Loubriat
fc326d254d
Set aria-label on Switch control 
Closes #42403

Signed-off-by: Arnold Loubriat <datatriny@gmail.com>
 2025-09-09 21:56:56 +02:00
Ryan Emerson
a3c95a2a34
Document tested and supported configurations for single-cluster deployments 
Closes #42304

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-09 19:49:22 +00:00
Vlasta Ramik
4382072d89
[RLM] Disable policy when the origin or selection criteria is removed 
Closes keycloak#42123 
Signed-off-by: vramik <vramik@redhat.com>
 2025-09-09 16:46:43 -03:00
Jon Koops
7634b42cc3
Fix unstable user tests for admin console (#42489) 
Closes #42477

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-09-09 14:24:50 -04:00
dependabot[bot]
74511ddafd Bump vite from 7.1.4 to 7.1.5 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.4 to 7.1.5.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 15:06:20 -03:00
dependabot[bot]
3839fe3b87 Bump uuid from 12.0.0 to 13.0.0 in /js 
Bumps [uuid](https://github.com/uuidjs/uuid) from 12.0.0 to 13.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 13:10:57 -03:00
dependabot[bot]
ff0d333097 Bump properties-file from 3.6.0 to 3.6.1 in /js 
Bumps [properties-file](https://github.com/properties-file/properties-file) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/properties-file/properties-file/releases)
- [Changelog](https://github.com/properties-file/properties-file/blob/main/CHANGELOG.md)
- [Commits](https://github.com/properties-file/properties-file/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: properties-file
  dependency-version: 3.6.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 13:09:56 -03:00
dependabot[bot]
906532922e Bump @eslint/js from 9.34.0 to 9.35.0 in /js 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.34.0 to 9.35.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.35.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 13:09:01 -03:00
dependabot[bot]
87cb62e03b Bump eslint from 9.34.0 to 9.35.0 in /js 
Bumps [eslint](https://github.com/eslint/eslint) from 9.34.0 to 9.35.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.34.0...v9.35.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.35.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 13:08:37 -03:00
dependabot[bot]
d1d5c4e79b Bump rollup from 4.50.0 to 4.50.1 in /js 
Bumps [rollup](https://github.com/rollup/rollup) from 4.50.0 to 4.50.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.50.0...v4.50.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.50.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 13:08:05 -03:00
dependabot[bot]
685a4d107a Bump chalk from 5.6.0 to 5.6.2 in /js 
Bumps [chalk](https://github.com/chalk/chalk) from 5.6.0 to 5.6.2.
- [Release notes](https://github.com/chalk/chalk/releases)
- [Commits](https://github.com/chalk/chalk/compare/v5.6.0...v5.6.2)

---
updated-dependencies:
- dependency-name: chalk
  dependency-version: 5.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-09 13:07:29 -03:00
Pedro Igor
58990a5544 Add a policy condition based on user attributes 
Closes #42118

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-09 12:07:59 -03:00
Stefan Guilhen
60b29daed2 Fixes to e-mail templates 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-09 06:44:43 -03:00
mposolda
5a05d2123e Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie 
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-09 11:05:19 +02:00
Peter Griffiths
0ebb702877 Updated the WildFly subsystem module to avoid using deprecated functionality from wildfly-core that's been removed in the latest version 
Replaced instances of the deprecated class ModuleIdentifier with strings.
For now, maintain the use of the deprecated ModuleDependency constructor (while now using the module identifier strings from above in place of the ModuleIdentifier instances) in order to maximise compatibility. This ensures support for both WildFly, up to at least 37, and EAP 8.
Moved all the module identifier strings to KeycloakDependencyProcessor so they're all in one place. Removed duplicates and update references from other classes.

Closes #41669

Signed-off-by: Peter Griffiths <peter.griffiths@1spatial.com>
 2025-09-09 10:48:54 +02:00
Steven Hawkins
fcedd14e40
fix: moving multi-option validation to propertymappergrouping interface (#42125) 
* fix: moving multi-option validation to propertymappergrouping interface

closes: #27025

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* refinements based upon review comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-09 10:32:15 +02:00
Ogen Bertrand
d13c953fe4
[OID4VCI] Implement multiple credential issuance (#42167) 
closes #39277


Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-09-09 09:49:03 +02:00
dependabot[bot]
3f1f471fc0 Bump i18next from 25.4.2 to 25.5.2 in /js 
Bumps [i18next](https://github.com/i18next/i18next) from 25.4.2 to 25.5.2.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.4.2...v25.5.2)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 17:05:51 -03:00
dependabot[bot]
502fe79c4b Bump uuid from 11.1.0 to 12.0.0 in /js 
Bumps [uuid](https://github.com/uuidjs/uuid) from 11.1.0 to 12.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 12.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 17:04:29 -03:00
dependabot[bot]
2da0e002e2 Bump github/codeql-action from 3.30.0 to 3.30.1 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d92b76c45...f1f6e5f6af)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 16:49:52 -03:00
dependabot[bot]
0768b03b63 Bump @types/node from 24.3.0 to 24.3.1 in /js 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.3.0 to 24.3.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.3.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 16:49:24 -03:00
dependabot[bot]
42ae71f376 Bump aquasecurity/trivy-action from 0.33.0 to 0.33.1 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.0 to 0.33.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](f9424c10c3...b6643a29fe)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-08 16:49:02 -03:00
Pedro Igor
0074704e76
Fixing UI to allow linking brokers ot orgs without a domain 
Closes #42408

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-08 17:46:46 +00:00
Takashi Norimatsu
d740c0f3db FAPI 2.0 Security Profile Final - Add FAPI 2.0 Final security profile as default profile of client policies 
closes #41120

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-08 17:23:53 +02:00
Ingrid Kamga
8fafd4c209 Understand key attestations as additional information to jwt proofs or as per new attestation proof type (for Key binding) 
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-09-08 17:18:37 +02:00
Steven Hawkins
32a268c68d
fix: default to not performing migrations with nonserver commands (#42361) 
closes: #42321

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-08 16:51:36 +02:00
Steven Hawkins
beae28f1cc
fix: allowing resolution of log color at build time (#42393) 
closes: #42335

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-08 16:47:16 +02:00
vramik
3507773854 [RLM] Cleanup code from initial PR 
Closes #42316

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-08 11:31:12 -03:00
Pedro Igor
40476b53d9 fixup! align /users/count with /users behavior around service-accounts 2025-09-08 11:30:45 -03:00
Daniel Travieso Ramos
2cd8c353b7 align /users/count with /users behavior around service-accounts 
Signed-off-by: Daniel Travieso Ramos <daniel@spectral.energy>
 2025-09-08 11:30:45 -03:00
Alexander Schwartz
cad613aa6e
Avoid removing client sessions before the user session times out 
As the client session timeout can be overwritten on a per client level, the realm level timeout can not be used to remove client sessions early.

Closes #35825

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-08 10:59:15 -03:00
Ryan Emerson
05e731f098
Fix broken HA guide links 
Closes #42426

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-08 14:20:08 +02:00
Stian Thorgersen
48994b8a5f
Prevent client authenticators executing twice when client authentication fails (#42420) 
Closes #42419

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-08 14:11:04 +02:00
Lukas Hanusovsky
de50a15a2f
Test framework - Fix for wrongly placed custom KeycloakServerConfig (#42422) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-08 11:23:46 +02:00
Alexander Schwartz
6fce9c89e4
Translate the validation error returned from the backend 
Closes #42182

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-05 13:35:32 -04:00
Steven Hawkins
0897560513
fix: moves unsupported feature logging (#42380) 
closes: #42334

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 19:21:20 +02:00
Steven Hawkins
05c7c625d3
fix: don't show the local access screen if a service account exists (#42218) 
closes: #42201

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 18:22:31 +02:00
Steven Hawkins
966e58160a
fix: updating to MariaDB 11.8 LTS (#42357) 
closes: #42356

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 18:11:47 +02:00
Eugen Stan
c0537cbbe8
Specify link to where containers are published in start-keycloak-container.adoc 
Closes #42392

Signed-off-by: Eugen Stan <eugen@ieugen.ro>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-05 15:21:33 +00:00
Ryan Emerson
f9f9ebd5a8
Support Aurora PostgreSQL 17.5 in Keycloak's nightly run 
Closes #42308

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-05 14:58:13 +00:00
Steven Hawkins
b743b3d3b1
fix: adding better management of closed entitymanagers 
closes: #42114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 16:57:47 +02:00
Thomas Darimont
1809fe5bdb
Ease implementation of custom AccountConsole extensions 
Fixes #40464

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-09-05 14:56:33 +00:00
Ryan Emerson
17684f8011
Remove usage of the term stretched from single-cluster HA guides 
Closes #42358

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-09-05 15:49:19 +02:00
Stan Silvert
d5ed9babf0
Issue 42360 flaky ldap mapper test 
Fixes #42360

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-05 15:33:45 +02:00
Pedro Igor
a42550d2e5 Add support for aggregated actions 
Closes #42119

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-05 10:29:18 -03:00
Alexander Schwartz
ad12b418b4 Review 
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-05 10:28:32 -03:00
Alexander Schwartz
78dce37197 Update documentation after changes to RFC8414 handling 
Closes #42323

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-05 10:28:32 -03:00
Stefan Guilhen
3d88846732 Add support for immediate policies 
Closes #42311

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-05 08:50:15 -03:00
Marek Posolda
6a27a4c336
EdDSA support for DPoP (#42362) 
closes #42286

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-05 12:54:43 +02:00
Stian Thorgersen
cbf915c570
Update timeout for Base IT (new) (#42367) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-09-05 10:31:09 +02:00
Steve Hawkins
2a16655d84 fix: setting the built flag for embedded usage 
closes: #23972

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 01:56:41 -03:00
Martin Bartoš
3f5812466f
Upgrade to Quarkus 3.26.2 (#42343) 
Closes #42342

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-04 17:20:40 +02:00
Pedro Igor
4abe5b5f4a
Initial implementation for the RLM scheduled task 
Closes #42105

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-04 17:19:53 +02:00
Johannes Knutsen
973e9ad176 Add a global filter which throws bad request if a query parameter value has a control character 
Closes #41117

Signed-off-by: Johannes Knutsen <johannes@kodet.no>
 2025-09-04 10:19:51 -03:00
Awambeng
f9cb8dfe3d
[OID4VCI]: Add DPoP nonce header support to OID4VCI nonce endpoint (#41999) 
Closes #41580

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-04 14:52:10 +02:00
forkimenjeckayang
d5feb76f1f
Restructure credential_configurations_supported parsing to handle credential_metadata with display and claims && Update Credential Issuer Metadata structure (#42001) 
Closes #41587
Closes #41597

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-04 14:48:56 +02:00
Stian Thorgersen
320ea5a9a7
Experimental SPIFFE identity provider (#42314) 
Closes #42313

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-04 14:48:18 +02:00
Steven Hawkins
fc467f48c8
fix: removing script logic for determining if a build is necessary (#41771) 
closes: #23972

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-04 08:23:04 -04:00
dependabot[bot]
6c711bbf09
Bump lint-staged from 16.1.5 to 16.1.6 in /js (#42333) 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 16.1.5 to 16.1.6.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.5...v16.1.6)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.1.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-04 08:09:52 -04:00
dependabot[bot]
29e5f49078
Bump mocha from 11.7.1 to 11.7.2 in /js (#42331) 
Bumps [mocha](https://github.com/mochajs/mocha) from 11.7.1 to 11.7.2.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v11.7.1...v11.7.2)

---
updated-dependencies:
- dependency-name: mocha
  dependency-version: 11.7.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-04 07:38:41 -04:00
dependabot[bot]
b9c1f5f02d
Bump typescript-eslint from 8.41.0 to 8.42.0 in /js (#42330) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.41.0 to 8.42.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.42.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.42.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-04 07:38:10 -04:00
Awambeng
3cd2141698
Add invalid_nonce error support for OID4VCI (#41977) 
Closes #39292

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-04 13:15:29 +02:00
forkimenjeckayang
6e767a30b8
Centralize OID4VCI Protocol Constants in Oid4VciConstants and Refactor Usages (#41481) 
Closes #40083

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-04 13:12:10 +02:00
dependabot[bot]
691736f3dd Bump vite from 7.1.3 to 7.1.4 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.3 to 7.1.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.4/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 07:59:09 -03:00
Martin Kanis
fc3914c439 [RLM] Provide a action to notify users by email based on a configurable time 
Closes #41788

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-03 16:38:41 -03:00
dependabot[bot]
35e6d7512c Bump actions/cache from 4.2.3 to 4.2.4 
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](5a3ec84eff...0400d5f644)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 16:22:35 -03:00
Alexander Schwartz
4d3589c776
Lock the database before doing migrations 
Closes #41801

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-03 15:22:04 -03:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
dependabot[bot]
28d3b2dd29 Bump actions/checkout from 4.2.2 to 5.0.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](11bd71901b...08c6903cd8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 15:06:15 -03:00
dependabot[bot]
9be42e1681 Bump snyk/actions 
Bumps [snyk/actions](https://github.com/snyk/actions) from 28606799782bc8e809f4076e9f8293bc4212d05e to e2221410bff24446ba09102212d8bc75a567237d.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](2860679978...e2221410bf)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-version: e2221410bff24446ba09102212d8bc75a567237d
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 15:05:40 -03:00
dependabot[bot]
2237cf3dab Bump github/codeql-action from 3.29.4 to 3.29.11 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.4 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4e828ff8d4...3c3833e0f8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 15:05:11 -03:00
dependabot[bot]
42693395e1 Bump actions/download-artifact from 4.3.0 to 5.0.0 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](d3f86a106a...634f93cb29)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 15:04:02 -03:00
Takashi Norimatsu
ea63cdc97a
Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm} 
closes #40923

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-03 19:14:37 +02:00
Ryan Emerson
4fec0a8630
Document that single-cluster deployments expect all Keycloak instances to serve traffic 
Closes #42305

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-03 18:30:13 +02:00
Pedro Igor
8f0d528126
Make sure inner transactions are using their own session 
Closes #41942

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-03 17:38:19 +02:00
forkimenjeckayang
a74076e8ab
Enforce batch_size ≥ 2 validation for batch_credential_issuance (#42003) 
Closes #41590

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-03 17:15:55 +02:00
Awambeng Rodrick
dc6afee14e Update OID4VCI error handling for draft 16 specification 
- Replace unsupported_credential_type and unsupported_credential_format with unknown_credential_configuration
- Add new unknown_credential_identifier error type as per OID4VCI draft 16
- Update error handling logic to differentiate between credential configuration and identifier errors
- Add comprehensive test coverage for new error types

Closes #41591

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Refactor error handling in OID4VCIssuerEndpoint

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Resolve comments on PR

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

fix failing test

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-03 16:53:22 +02:00
forkimenjeckayang
fc73537ba7
Rename ldp_vp to di_vp and restructure proofs object for Draft 16 compliance (#41982) 
Closes #41576
Closes #41577
Closes #41581

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-03 16:33:43 +02:00
Peter Zaoral
fb35439479
Use an OS-specific key for writing for maven cache (#41735) (#41810) 
Closes: #41664

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-09-03 14:52:30 +02:00
dependabot[bot]
c7b787ef1a Bump aquasecurity/trivy-action from 0.32.0 to 0.33.0 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](dc5a429b52...f9424c10c3)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-03 08:54:09 -03:00
Stan Silvert
b460b76ff7
Flaky realm role test 
* Use test id to click button instead of text locator.

Fixes #42235

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-03 08:00:42 +02:00
Alexander Schwartz
665f4140da
Adding missing docs for 26.4 release notes 
Closes #42252

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Vinod Anandan <vinod@owasp.org>
 2025-09-02 17:47:12 -03:00
Pedro Igor
028b72876f Removing fallback when there is no session 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
4d018406e9 Removing unused imports 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
76e02388ff Moving resetOnevent to base class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
a4f115b4cc Moving deactivation events to base class 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
b65356f3c8 Refactoring how policies are activated based on user-defined events and conditions 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
cee9b6803b Refactoring built-in policies to use conditions 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
03cbc11e7e Initial refactoring to make federated identities a condition 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
17a053b2af Add support for generic event-based policies and conditions 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Jon Koops
7990fa0300
Disable test retries for admin console (#42289) 
Closes #42288

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-09-02 15:49:33 -04:00
vramik
4aa604ad04 Updated the screenshot to correctly show "Apply to Resource Type" enabled, 
which is required for typed resource permissions.

Closes #42159

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-02 12:27:36 -03:00
Alexander Schwartz
e46c879cde
Retry duplicate exceptions to handle concurrent client sessions 
Closes #42278

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-02 10:43:03 -03:00
hustrust
4441ee4444
chore: fix some typos in comment (#42279) 
Signed-off-by: hustrust <hustrust@outlook.com>
 2025-09-02 13:20:17 +00:00
stianst
57242d2497 Experimental federated client authentication 
Closes #42228

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-02 10:02:51 -03:00
mposolda
624d236ced DPoP verification support for admin/account REST API endpoints. Java admin-client DPoP support 
closes #33942

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-02 14:29:30 +02:00
trataka
9afe5fb8a9
Add wasm support for themes (#38898) 
Closes #38897

Signed-off-by: trataka <jonathan@trataka.net>
 2025-09-02 14:22:09 +02:00
Alexander Schwartz
e13eb0df90
Show length validations in the admin UI 
Closes #42178

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2025-09-02 13:30:40 +02:00
Giuseppe Graziano
0afdd00624 DPoP algorithms dynamically resolved 
Closes #42030

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-02 11:26:00 +02:00
Weblate (bot)
9c5fa58edf
Translations update from Hosted Weblate (#42076) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>

* Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Translated using Weblate (Japanese)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ja/

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>

* Translated using Weblate (Catalan)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ca/

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Translated using Weblate (Catalan)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ca/

Updated translation for Catalan

Language: ca

Updated translation for Catalan

Language: ca

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Dutch

Language: nl

Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ecron <ecron_89@hotmail.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ecron <ecron_89@hotmail.com>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-09-01 20:44:47 +02:00
Stefan Guilhen
d855e0f06c Add support for recurring policies 
Closes #42120

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-01 12:28:46 -03:00
Pedro Ruivo
935caa97ea
Disable peristent user session batching 
Closes #41662

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-01 14:33:21 +00:00
Stefan Guilhen
af96183788 Allow resource policies to be deactivated for a resource based on events 
- Listen for federated identity add/remove events to activate and deactivate policies based on IDP association

Closes #42107
Closes #42108

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-01 11:02:00 -03:00
Stefan Guilhen
05fa5cb552 Add enabled config option to resource policies 
Closes #42104

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-01 10:28:01 -03:00
Tobias Genannt
ca93863d60
fix: Update to new dash standard 
Closes #42270

Signed-off-by: Tobias Genannt <tobias.genannt@gmail.com>
 2025-09-01 12:49:02 +00:00
am97
23b9a1fa21
Add some missing 409 REST response codes 
Closes #42269

Signed-off-by: Andrés Maldonado <maldonado@codelutin.com>
 2025-09-01 12:48:47 +00:00
Pedro Ruivo
f4ec4cff1a
Configure topology information in Infinispan 
Closes #41933

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-01 14:40:39 +02:00
Christian Ja
8566d8e74b
Add message header to e-mail validition confirmation screen 
fixes #41701

Signed-off-by: Christian Janker <christian.janker@gmx.at>
 2025-09-01 14:39:25 +02:00
Václav Muzikář
804b2df10d
Upgrade to Quarkus 3.26.1 
Closes #42243

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-01 14:05:08 +02:00
am97
0c91d106a2
Add build documentation for REST API and Javadoc 
Closes #42176

Signed-off-by: Andrés Maldonado <maldonado@codelutin.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-01 11:37:26 +00:00
dependabot[bot]
6f87b080b0
Bump rollup from 4.49.0 to 4.50.0 in /js (#42261) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.49.0 to 4.50.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.49.0...v4.50.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.50.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-01 13:00:26 +02:00
Pedro Ruivo
3c541996c7
Cache UserAgent parsing result 
Closes #42180

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-01 11:50:59 +02:00
Giuseppe Graziano
a022783d27 DPop validation refactor 
Closes #42031

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:45:07 +02:00
Giuseppe Graziano
6dc9d0d439 Check manage-account-links role for client initiated account linking 
Closes #41914

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:25:49 +02:00
Giuseppe Graziano
4262480bc2 Validation for blank Client ID 
Closes #41041

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:20:32 +02:00
dependabot[bot]
0d7e5b2de3
Bump react-i18next from 15.7.2 to 15.7.3 in /js (#42220) 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.7.2 to 15.7.3.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v15.7.2...v15.7.3)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 15.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-31 12:49:54 +02:00
Steven Hawkins
f52421fe44
fix: improve handling when expressions are disabled (#42189) 
closes: #42158

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-29 15:21:38 +02:00
Václav Muzikář
27249239a9
Upgrade to Quarkus 3.26.0 (#42204) 
Closes #42202

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-08-29 09:56:22 -03:00
Jon Koops
1769e2ec46
Stabilize the client scope tests for the admin console (#42227) 
Closes #41193

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-29 07:04:39 -04:00
Steven Hawkins
ec0f64b4cd
fix: adding debug logging for the KeycloakRealmImport (#42102) 
also simplifying status logic

closes: #42019

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-29 12:57:00 +02:00
Alexander Schwartz
1eba022149
Document network latency requirements for high available setups 
Closes #42186

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-28 23:46:20 +02:00
Pedro Igor
a64c5c0d70 Adding RLM Admin API and basic endpoints 
Closes #40346

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-28 14:49:21 -03:00
Steven Hawkins
e891336167
fix: expands our warnings/notes around placeholder usage (#42151) 
addresses CVE-2025-9162

closes: #42046

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 17:06:55 +02:00
Steven Hawkins
183a96d6a1
enhance: adding the ability to set truststores via configmaps (#41796) 
closes: #34114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 16:55:52 +02:00
Steven Hawkins
856df9ea3d
fix: adds simple log scraping to error state detection (#41800) 
closes: #21816

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 11:05:16 +02:00
Steven Hawkins
565e195f48
enhance: allow for control over what port health checks are exposed on (#41759) 
closes: #39506

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 10:18:22 +02:00
dependabot[bot]
bcdbde38dd
Bump rollup from 4.48.1 to 4.49.0 in /js (#42196) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.48.1 to 4.49.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.48.1...v4.49.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.49.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-28 09:50:12 +02:00
Alexis Rico
224ccbb79d Make organization domains optional 
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
 2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62
Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
Jon Koops
9ac33e53e6
Store Corepack tools in GitHub cache (#42168) 
Closes #42165

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-27 12:52:37 +02:00
dependabot[bot]
594a48f525
Bump vite-plugin-checker from 0.10.2 to 0.10.3 in /js (#42147) 
Bumps [vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker) from 0.10.2 to 0.10.3.
- [Release notes](https://github.com/fi3ework/vite-plugin-checker/releases)
- [Changelog](https://github.com/fi3ework/vite-plugin-checker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.10.2...vite-plugin-checker@0.10.3)

---
updated-dependencies:
- dependency-name: vite-plugin-checker
  dependency-version: 0.10.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-27 11:43:16 +02:00
dependabot[bot]
419b18c285
Bump @noble/hashes from 1.8.0 to 2.0.0 in /js (#42148) 
Bumps [@noble/hashes](https://github.com/paulmillr/noble-hashes) from 1.8.0 to 2.0.0.
- [Release notes](https://github.com/paulmillr/noble-hashes/releases)
- [Commits](https://github.com/paulmillr/noble-hashes/compare/1.8.0...2.0.0)

---
updated-dependencies:
- dependency-name: "@noble/hashes"
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-27 11:42:55 +02:00
dependabot[bot]
95edc5dfd3
Bump typescript-eslint from 8.40.0 to 8.41.0 in /js (#42149) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.40.0 to 8.41.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.41.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.41.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-27 11:42:03 +02:00
dependabot[bot]
c145fdd06b
Bump rollup from 4.48.0 to 4.48.1 in /js (#42155) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.48.0 to 4.48.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.48.0...v4.48.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.48.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-27 11:41:43 +02:00
tzchenxixi
939f8a8985
chore: remove redundant word in comment (#42160) 
Signed-off-by: tzchenxixi <tzchenxixi@icloud.com>
 2025-08-27 09:02:22 +00:00
Giuseppe Graziano
7e486cb827
Implements credential type in RecoveryAuthnCodesCredentialProvider 
Closes #42050

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-08-26 21:08:35 +00:00
Alexander Schwartz
ca1e61047a
Adding TiDB dialect for Quarkus 
Closes #41897

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Co-authored-by: Dennis Kniep <kniepdennis@gmail.com>
 2025-08-26 17:44:45 -03:00
Pedro Ruivo
a01571c2cc
Import client sessions into Infinispan concurrently for persistent sessions 
Closes #41074

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-08-26 22:16:04 +02:00
Pedro Igor
600f03d1d0
Make it possible to check for permissions when deciding if a feature is enabled or not 
Do not query organizations if manage-realm is not granted

Closes #41418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-26 21:31:07 +02:00
Stefan Guilhen
8eb6ee619f Rework getEligibleResourcesForInitialAction so it returns all resources that are eligible to be associated with a policy 
Closes #42106

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-08-26 11:52:46 -03:00
Ricardo Martin
360ff7050c
Use back keycloak-js instead of initiate login in the backend for account (#42035) 
Closes #40463

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-26 16:29:46 +02:00
Jon Koops
43a569768c
Add loading states for contexts to prevent partial rendering (#42070) 
Closes #42069

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-26 13:50:12 +02:00
Jon Koops
34adb1e827
Use a plain representation for WhoAmI context (#42134) 
Closes #42132

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-26 13:09:24 +02:00
Alexander Schwartz
36cbbbc7b4
Avoid deleting old client sessions 
If this is done concurrently, this can load to errors with Hibernate and its optimistic locking

Closes #41427

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-26 09:59:51 +02:00
Pedro Igor
ee771fe8a0
Align requirement settings for inputType and other annotations to not required (#42115) 
Closes #42052

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-25 19:24:33 -04:00
laureat-natzka
edbe28147e
Pass IDP config values to themes (#40373) 
Signed-off-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
Co-authored-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
 2025-08-25 17:50:06 +00:00
Pedro Ruivo
6bcaa63124
Concurrently update the remote caches 
Closes #42096

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-08-25 16:39:17 +02:00
Giuseppe Graziano
3fe390a517
Add missing messages for required actions 
Closes #41937

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-08-25 14:11:14 +02:00
dependabot[bot]
d6ae704cc1
Bump react-i18next from 15.7.1 to 15.7.2 in /js (#42083) 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.7.1 to 15.7.2.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v15.7.1...v15.7.2)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 15.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:20:18 +00:00
dependabot[bot]
67bf1bc641
Bump @faker-js/faker from 9.9.0 to 10.0.0 in /js (#42084) 
Bumps [@faker-js/faker](https://github.com/faker-js/faker) from 9.9.0 to 10.0.0.
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](https://github.com/faker-js/faker/compare/v9.9.0...v10.0.0)

---
updated-dependencies:
- dependency-name: "@faker-js/faker"
  dependency-version: 10.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:27:46 +02:00
dependabot[bot]
8f7e2d4d0b
Bump i18next from 25.4.0 to 25.4.2 in /js (#42085) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.4.0 to 25.4.2.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.4.0...v25.4.2)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:27:01 +02:00
dependabot[bot]
0179cd0493
Bump eslint from 9.33.0 to 9.34.0 in /js (#42086) 
Bumps [eslint](https://github.com/eslint/eslint) from 9.33.0 to 9.34.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.33.0...v9.34.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:26:41 +02:00
dependabot[bot]
3524ed6e9c
Bump properties-file from 3.5.13 to 3.6.0 in /js (#42087) 
Bumps [properties-file](https://github.com/properties-file/properties-file) from 3.5.13 to 3.6.0.
- [Release notes](https://github.com/properties-file/properties-file/releases)
- [Changelog](https://github.com/properties-file/properties-file/blob/main/CHANGELOG.md)
- [Commits](https://github.com/properties-file/properties-file/compare/3.5.13...3.6.0)

---
updated-dependencies:
- dependency-name: properties-file
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:26:23 +02:00
dependabot[bot]
9ed7b49eff
Bump rollup from 4.47.1 to 4.48.0 in /js (#42088) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.47.1 to 4.48.0.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.47.1...v4.48.0)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.48.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:25:59 +02:00
dependabot[bot]
acb199aa3c
Bump chai from 5.3.1 to 6.0.1 in /js (#42089) 
Bumps [chai](https://github.com/chaijs/chai) from 5.3.1 to 6.0.1.
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](https://github.com/chaijs/chai/compare/v5.3.1...v6.0.1)

---
updated-dependencies:
- dependency-name: chai
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:25:43 +02:00
dependabot[bot]
6981b532c0
Bump @eslint/js from 9.33.0 to 9.34.0 in /js (#42090) 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.33.0 to 9.34.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.34.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 11:25:17 +02:00
dependabot[bot]
aa1ab77d59
Bump @vitejs/plugin-react-swc from 4.0.0 to 4.0.1 in /js (#41990) 
Bumps [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react-swc) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.0.1/packages/plugin-react-swc)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react-swc"
  dependency-version: 4.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-24 14:20:15 +02:00
dependabot[bot]
18f9ca40cb
Bump react-i18next from 15.6.1 to 15.7.1 in /js (#42058) 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.6.1 to 15.7.1.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v15.6.1...v15.7.1)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 15.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-24 14:20:00 +02:00
dependabot[bot]
54e9fc9e0d
Bump rollup from 4.46.3 to 4.47.1 in /js (#42059) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.46.3 to 4.47.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.46.3...v4.47.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.47.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-24 14:19:42 +02:00
dependabot[bot]
52a5f2f3af
Bump i18next from 25.3.6 to 25.4.0 in /js (#42027) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.3.6 to 25.4.0.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.3.6...v25.4.0)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-22 15:00:33 -04:00
dependabot[bot]
95367ca2e1
Bump @playwright/test from 1.54.2 to 1.55.0 in /js (#42025) 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.54.2 to 1.55.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.54.2...v1.55.0)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.55.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-22 15:00:06 -04:00
dependabot[bot]
e80e498aad
Bump @testing-library/jest-dom from 6.7.0 to 6.8.0 in /js (#42024) 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.7.0 to 6.8.0.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v6.7.0...v6.8.0)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-22 14:59:42 -04:00
dependabot[bot]
3177029022
Bump vite from 7.1.1 to 7.1.3 in /js (#41989) 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.1 to 7.1.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.1.3/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-22 14:57:43 -04:00
Andy
b7c876b812
fix: remove robots meta tags from Freemarker templates 
Closes: #34206

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
 2025-08-22 17:32:14 +02:00
Pedro Ruivo
61e488bbf0
Skip configuring jdbc-ping stack in local mode 
Closes #42047

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-08-22 15:11:58 +02:00
Thomas Darimont
8f326750e8 More flexible handling of params, headers and entities for SimpleHTTP (#42016) 
Fixes #42016

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-08-22 09:44:45 -03:00
Stan Silvert
de6a1debfa
Flaky realm overrides test (#42051) 
* Fix flaky realm overrides test.

Fixes #42018

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Change test order.

Fixes #42018

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-21 15:33:21 -04:00
Jon Koops
1173ced9f2
Stabilize personal info tests in account console (#42007) 
Closes #42006

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-21 16:37:56 +02:00
Steven Hawkins
2f2265435c
fix: preventing possible NPEs 
closes: #39960

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-08-21 15:58:30 +02:00
Martin Bartoš
9315147e47 [RLM] NPE during user authentication 
Closes #42033

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-21 09:41:34 -03:00
Sebastian Łaskawiec
4c0f071d45
Upgrade Prep doc polishing 
Closes #41898

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-21 13:19:59 +02:00
Martin Bartoš
6149d66405
Update screenshot for traces in Jaeger (#42036) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-21 13:17:20 +02:00
Pedro Ruivo
2f131fa56c
Detect and handle KC split brain clusters 
Closes #41561

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-21 11:18:34 +02:00
Ricardo Martin
46e990b7a7
Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Steven Hawkins
9dc9a2ba86
fix: using volatile for double checked locking 
closes: #40630

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-21 09:20:39 +02:00
Steven Hawkins
c2a7914c73
fix: removing test os restriction (#41952) 
closes: #13501

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-20 17:45:28 -04:00
Stefan Guilhen
70659ac183
Rework RLM core to schedule action based on events @sguilhen (#42010) 
* Rework RLM core to schedule action based on events

Closes #41803

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-20 17:59:52 +00:00
Steven Hawkins
03b5753c84
enhance: add KC_ env variables for verbose and .sh options (#41847) 
* enhance: add KC_ env variables for verbose and .sh options

closes: #19213

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Peter Zaoral <pepo48@gmail.com>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
 2025-08-20 14:46:06 -03:00
Weblate (bot)
75078e0af8
Translations update from Hosted Weblate (#41865) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ettore Atalan <atalanttore@googlemail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Dutch

Language: nl

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jan Herrygers <jherrygers@vaa.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jan Herrygers <jherrygers@vaa.com>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ettore Atalan <atalanttore@googlemail.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: Jan Herrygers <jherrygers@vaa.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Jan Herrygers <jherrygers@vaa.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-08-20 18:25:06 +02:00
Ryan Emerson
481555c97e
Define default topologySpreadConstraints 
Closes #41729

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-20 13:58:37 +02:00
Ryan Emerson
cd42a503d2
Update observability metrics guides to reference single and multi-cluster architectures 
Closes #41938

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-20 13:31:52 +02:00
Marek Posolda
dd7ad5b866
Ability to display 'authenticator provider' of the WebAuthn credential (#41615) 
closes #41613

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2025-08-20 11:42:24 +02:00
Jon Koops
32ae5fe100
Collect Playwright reports and server logs on stability runs (#41976) 
Closes #41974

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-20 08:09:47 +02:00
Alexander Schwartz
09f863bf9d
Don't validate duplicate credential label on update if label is unchanged 
Closes #41945

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-08-20 08:06:06 +02:00
Pedro Igor
c7fedb77e3 Skip processing HEAD requests for action tokens 
Closes #41834

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-19 17:26:03 -03:00
rmartinc
0ff7d551dd Check null for new keySize and validity parameters when generating certificates 
Closes #41906

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-19 21:53:24 +02:00
Steven Hawkins
b6f039a4cc
fix: adding a default for ldap connection timeout (#41726) 
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-19 16:43:42 +00:00
Anchels
eafb3ae371
Adjusted null checks 
Closes #40061

Signed-off-by: Anchels <mishtitov@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-19 16:31:59 +00:00
Ryan Emerson
b0f4b4efee
Log applied cache configurations as part of debug logs 
Closes #41950

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-19 17:01:19 +02:00
dependabot[bot]
8b69465ec0
Bump typescript-eslint from 8.39.0 to 8.40.0 in /js (#41972) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.39.0 to 8.40.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.40.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 12:39:21 +00:00
dependabot[bot]
0f1ee98fb3
Bump @types/node from 24.2.0 to 24.3.0 in /js (#41928) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.2.0 to 24.3.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 12:32:54 +00:00
dependabot[bot]
a270c2ae78
Bump @eslint/compat from 1.3.1 to 1.3.2 in /js (#41776) 
Bumps [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v1.3.2/packages/compat)

---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 1.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 12:32:36 +00:00
dependabot[bot]
aa3a45af80
Bump rollup from 4.46.2 to 4.46.3 in /js (#41969) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.46.2 to 4.46.3.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.46.2...v4.46.3)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.46.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:10:40 +02:00
dependabot[bot]
f175d1dcd1
Bump chai from 5.2.1 to 5.3.1 in /js (#41968) 
Bumps [chai](https://github.com/chaijs/chai) from 5.2.1 to 5.3.1.
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](https://github.com/chaijs/chai/compare/v5.2.1...v5.3.1)

---
updated-dependencies:
- dependency-name: chai
  dependency-version: 5.3.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:10:21 +02:00
dependabot[bot]
c98f0d8e77
Bump chalk from 5.5.0 to 5.6.0 in /js (#41927) 
Bumps [chalk](https://github.com/chalk/chalk) from 5.5.0 to 5.6.0.
- [Release notes](https://github.com/chalk/chalk/releases)
- [Commits](https://github.com/chalk/chalk/compare/v5.5.0...v5.6.0)

---
updated-dependencies:
- dependency-name: chalk
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:09:53 +02:00
dependabot[bot]
9f4858db99
Bump i18next from 25.3.2 to 25.3.6 in /js (#41895) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.3.2 to 25.3.6.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.3.2...v25.3.6)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.3.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:09:39 +02:00
dependabot[bot]
54dd207fa7
Bump @testing-library/jest-dom from 6.6.4 to 6.7.0 in /js (#41864) 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.6.4 to 6.7.0.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v6.6.4...v6.7.0)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.7.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:09:22 +02:00
dependabot[bot]
7be747b7f6
Bump eslint from 9.32.0 to 9.33.0 in /js (#41775) 
Bumps [eslint](https://github.com/eslint/eslint) from 9.32.0 to 9.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.32.0...v9.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:08:24 +02:00
dependabot[bot]
d600ee6cb1
Bump @eslint/js from 9.32.0 to 9.33.0 in /js (#41774) 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.32.0 to 9.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.33.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:08:04 +02:00
dependabot[bot]
6370615170
Bump lint-staged from 16.1.4 to 16.1.5 in /js (#41773) 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 16.1.4 to 16.1.5.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.4...v16.1.5)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.1.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 14:07:46 +02:00
Pedro Igor
b97aad0938 URL encode forwarded parameters 
Closes #41755

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-19 11:44:12 +02:00
Steven Hawkins
b7aaf80433
fix: simplifying/docing places where the config is initted (#41949) 
closes: #25668

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-19 09:58:32 +02:00
Steven Hawkins
2ce3474ed5
fix: addressing possible npes (#41944) 
close: #40659

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-18 23:51:17 +02:00
Duy Nguyen
ec48a4d735 Allow claim extraction of email_verified to handle non-native boolean types 
Signed-off-by: Duy Nguyen <duy.nguyen.xb@gmail.com>
 2025-08-18 17:21:10 -03:00
Sebastian Łaskawiec
988bf9cb0b
WelcomeResource do not create temporary admins (#41416) 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-18 17:31:26 +02:00
Stefan Guilhen
4267561441 Disable testDisabledUserAfterInactivityPeriod 
- prevents CI failures while the feature is still being developed

#Closes #41913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-08-18 11:44:14 -03:00
Stan Silvert
be4a86a6d4
Test flaky due to dual certificates (#41825) 
* Fixes #41823

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Make assertCertificates() more robust and accurate.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Bump timeout

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-18 09:46:42 -04:00
Ryan Emerson
d7012fa58a
Upgrade to Infinispan 15.0.19.Final 
Closes #41934

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-18 13:50:42 +02:00
Steven Hawkins
f23faa71cb
fix: removing the possiblity of an npe (#41908) 
closes: #40069

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-18 11:36:43 +02:00
Steven Hawkins
eb82f38044
fix: disable devservices api server (#41910) 
* fix: disable devservices api server

closes: #41903

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-18 08:32:53 +00:00
Steven Hawkins
02cd3ddfb7
fix: warn instead of an error if optimized provider timestamps change (#41798) 
closes: #41268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-18 09:29:08 +02:00
Pedro Igor
9d934df526 Do not try to lookup the user if the sub claim is missing from the admin bearer token 
Closes #41098

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-18 09:14:24 +02:00
Steven Hawkins
85324fddeb
fix: add a warning about provider jars (#41855) 
* fix: add a warning about provider jars

closes: #41820

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/server/configuration-provider.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-08-18 08:54:53 +02:00
mposolda
97625173ee KeycloakSession javadoc should not reference keycloak-server.json 
closes #41854

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-08-15 17:48:22 -03:00
mposolda
81bd11001c Admin console shows label 'Add providers' on some pages instead of 'Providers' 
closes #41909

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-08-15 17:44:02 -03:00
Martin Kanis
aa5fadb863 Flaky test: org.keycloak.testsuite.federation.ldap.LDAPReadOnlyTest#testReadOnlyUserGetsPermanentlyLocked 
Closes #41882

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-08-15 15:51:25 -03:00
sguilhen
b7d3c8eb8b Forward isMemberOf call to the next delegate if the group is not managed by the mapper instance 
Closes #40680

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-08-15 15:49:08 -03:00
Stefan Guilhen
48886a3812 Add missing @Consumes annotation to UserResource.addFederatedIdentity 
Closes #41188

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-08-15 15:46:52 -03:00
Ryan Emerson
168d9cc090
Simplify Cache Configuration file by removing built-in cache configurations 
Closes #41559

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 16:16:56 +00:00
Martin Bartoš
4526d2d445
Upgrade to Quarkus 3.26.0.CR1 
Closes #41880

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 15:29:19 +02:00
Ricardo Martin
949ef35a3b
Allow and control sending UTF-8 emails in the default email sender impl 
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 10:43:38 +00:00
Stav Sapir
cd62da9b02
This fix the limitation of working only with TrustStoreProvider with ID "file" and enables to work with custom trust store provider via custom SPI. (#27001) 
Closes #26972

Signed-off-by: Stav Sapir <stavsap@gmail.com>
 2025-08-15 10:37:04 +00:00
Šimon Vacek
42520d8409
Refactor test database config in the new framework (#41320) 
* Refactor test database config in the new framework

Closes #41319

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	tests/base/src/test/java/org/keycloak/tests/db/CaseSensitiveSchemaTest.java
#	tests/base/src/test/java/org/keycloak/tests/db/PreserveSchemaCaseLiquibaseTest.java

* Moved test method to the abstract class

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Conform to conventions

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Add lifecycle class to custom DBs to prevent containers with re-use from running after tests

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-08-15 09:29:08 +02:00
Steven Hawkins
fdca122469
fix: ensuring streams are closed 
closes: #40660

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-15 07:40:54 +02:00
Moshie Samuel
6958f57f0a
add configurable cooldown for email resend in VerifyEmail 
Closes #41331

Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com>
Signed-off-by: moshiem <moshiem@hardcorebiometric.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: moshiem <moshiem@hardcorebiometric.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:31:00 +02:00
Alexander Schwartz
7629b7dc53
Show required fields when configuring protocol mappers 
Closes #40619

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:28:45 +02:00
Steven Hawkins
c1afa376b2
fix: adding raw environment variables (#41768) 
closes: #41766

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-14 20:17:15 +02:00
RAMLAH MUNIR
e5c38f8a63
Fix typo in caching docs: 'Proving' → 'Providing' 
Closes #41663

Signed-off-by: Ramlah7 <ramlahmunir786@gmail.com>
 2025-08-14 16:16:18 +00:00
Martin Bartoš
c25dd1dba8
Change naming for disabling additional datasource (#41815) 
Closes #40761

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-14 17:42:16 +02:00
Akbar Husain
06f80416fb
Replace keySet with entrySet 
Closes #40064

Signed-off-by: akbarhusainpatel <apatel@intermiles.com>
Co-authored-by: akbarhusainpatel <apatel@intermiles.com>
 2025-08-14 17:31:15 +02:00
Anchels
0c33217729
removed the keyName field 
Closes #40067

Signed-off-by: Anchels <mishtitov@gmail.com>
 2025-08-14 17:15:11 +02:00
Anchels
90d241087d
Removed redundant null checks 
Closes #40677

Signed-off-by: Anchels <mishtitov@gmail.com>
 2025-08-14 17:03:27 +02:00
Pedro Igor
3bf46e5421
"linked-accounts" endpoint displays all Identity providers 
Closes #19732

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-14 15:21:03 +02:00
Alexander Schwartz
db64deab92
Remove commons-lang v2 
Closes #41867

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 09:56:02 -03:00
alemq
5dab3d74b6
Add Kazakh (kk) locale support with translations 
Closes #41870

Signed-off-by: Arman <arman.yesseyev@gmail.com>
 2025-08-14 09:58:30 +00:00
Pedro Igor
3136ec25e6
memberOf attribute empty or values with a DN that does not match the role base DN fetches all roles 
Closes #41842

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-14 11:15:52 +02:00
Steven Hawkins
ff1a70a9f2
fix: using the non-deprecated console color option (#41857) 
closes: #38328

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-14 08:28:23 +00:00
Dmytro Filipenko
bd5818c4c8
Add HTML5 attributes to prevent password manager interference with OTP 
* Closes #41831

Signed-off-by: dmfilipenko <wind.fd@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 07:45:53 +00:00
Dennis Kniep
d74a10d87a
Add TiDB as supported db 
Closes #41455

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 07:27:21 +00:00
Thomas Darimont
a47c69c370
Fix unbalanced HTML tags in login form templates 
Fixes #41860

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-08-14 08:40:16 +02:00
dependabot[bot]
1a262cc899
Bump commons-io:commons-io from 2.7 to 2.14.0 in /docs/documentation/tests (#41463) 
Bumps commons-io:commons-io from 2.7 to 2.14.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-version: 2.14.0
  dependency-type: direct:development
...

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 06:08:39 +00:00
mposolda
a8fa4ecb14 Remove OIDCLoginProtocolService.certsHead() 
closes #41837

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-08-13 16:51:52 +02:00
Pedro Igor
9c631abb0d Remove unnecessary jandex dependency declaration 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-13 10:30:41 -03:00
Pedro Igor
c6c1a24e64 Fix Jandex version collision to allow running tests using auth-server-quarkus-embedded 
Closes #41821

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-13 10:30:41 -03:00
Alexander Schwartz
96d2e041fc
Add information about sessions to the MDC 
Closes #41208

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-13 09:06:29 -03:00
Lukas Hanusovsky
5b3b36e300
Move RealmRolesTest.java to the new testsuite (#41404) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-08-13 12:56:23 +02:00
rmartinc
da5f5281cd Do not remove the recaptcha form data because it is useless 
Closes #41148

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-13 11:35:48 +02:00
Ricardo Martin
ef312b570c
Final changes for passkeys documentation (#41646) 
Closes #41557

Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-08-13 09:01:15 +02:00
Stian Thorgersen
ddfdbfec6a
Add workflows and utils to review stability of testsuite (#40268) 
Closes #40267

Signed-off-by: stianst <stianst@gmail.com>
 2025-08-13 08:33:26 +02:00
aozturkoda
e06748908d
Add Azerbaijani translations for account, email, and login themes 
Closes #41765

Signed-off-by: Abdulkadir Öztürk <abdulkadir.ozturk@odakent.com.tr>
 2025-08-13 06:07:43 +02:00
Weblate (bot)
25d38e5cbb
Translations update from Hosted Weblate (#41709) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Marcos Vinícius <marvinware2005@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Marcos Vinícius <marvinware2005@gmail.com>

* Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Translated using Weblate (Dutch)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/nl/

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Translated using Weblate (Dutch)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/nl/

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jan Herrygers <jherrygers@vaa.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Jan Herrygers <jherrygers@vaa.com>

* Updated translation for Georgian

Language: ka

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Update translation files

Updated by "Remove blank strings" hook in Weblate.

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Marcos Vinícius <marvinware2005@gmail.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Jan Herrygers <jherrygers@vaa.com>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Marcos Vinícius <marvinware2005@gmail.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Jan Herrygers <jherrygers@vaa.com>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-08-13 05:59:29 +02:00
Ricardo Martin
facffa36cc
Upgrade angus mail to 2.0.4 
Closes #41808

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-12 17:53:55 +02:00
Peter Skopek
1ad2444945 Add missing javadocs to published artifacts to allow Maven Central Portal Publisher pass validation process. 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Stian Thorgersen
dae1032382
Change teams for UI components (#41787) 
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
 2025-08-12 14:46:29 +02:00
Jon Koops
a3591f670f
Isolate account console tests on a per-realm basis (#41608) 
Closes #41606

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-12 07:43:21 -04:00
Réda Housni Alaoui
a99149b83a Login[v2]: "Update email" screen is not polished 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-12 07:45:46 -03:00
rmartinc
acf39b34c3 Make passkeys feature supported 
Closes #41556

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-12 11:18:57 +02:00
vramik
a8225655cf Initial commit for the RLM feature 
Closes #40340
Closes #40341

Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

Signed-off-by: vramik <vramik@redhat.com>
 2025-08-11 17:34:41 -03:00
Šimon Vacek
20cb13e8dc
fix UserConfigBuilder usage (#41794) 
fixes: #41326

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-08-11 14:49:56 -03:00
Takashi Norimatsu
52a47a63f4 RejectImplicitGrantExecutor does not return an error when a PAR request includes Implicit or Hybrid response type 
closes #41609

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-11 17:00:53 +02:00
Lukas Hanusovsky
f12ab6b189
Move RealmTest.java to the new testsuite (#41326) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-08-11 16:24:27 +02:00
Martin Bartoš
811e153398
Upgrade to Quarkus 3.25.2 (#41718) 
Closes #41717

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-11 16:16:25 +02:00
Šimon Vacek
e664e56b62
Test framework config builders name unification (#41727) 
* Test framework config builders name unification

Closes #37275

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Update test-framework/core/src/main/java/org/keycloak/testframework/realm/RealmConfigBuilder.java

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-08-11 12:56:33 +00:00
Martin Kanis
6a77072098 Skip update email required action if email attribute is not writable 
Closes #41035

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-08-11 08:51:16 -03:00
Stian Thorgersen
71cd3d5d2f Update bug.yml 
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
 2025-08-11 08:01:04 -03:00
Alexander Schwartz
c2515bbb88
Fixing typo and formatting 
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-08-11 08:26:10 +02:00
Robin Meese
d235864448
Add zh_Hant.properties file 
Closes #41744

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-08-08 16:12:13 +00:00
Robin Meese
134b00abb1
Add Russian and traditional Chinese to translation.md 
Closes: #41742

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-08-08 17:46:34 +02:00
Stan Silvert
cb3d59a48c
Fix flaky org test. (#41753) 
Fixes #41752

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-08 08:34:54 -04:00
dependabot[bot]
ec35c02392
Bump vite from 7.0.6 to 7.1.0 in /js (#41737) 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.6 to 7.1.0.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@7.1.0/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-08 11:16:15 +00:00
dependabot[bot]
6a00c48f7a
Bump @vitejs/plugin-react-swc from 3.11.0 to 4.0.0 in /js (#41738) 
Bumps [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react-swc) from 3.11.0 to 4.0.0.
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react-swc/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@4.0.0/packages/plugin-react-swc)

---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react-swc"
  dependency-version: 4.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-08 12:06:32 +02:00
Ryan Emerson
a2fe32617c
Default to stretched clusters on Kubernetes when possible 
Closes #41666

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-08 08:09:04 +02:00
Stefan Guilhen
5b4973f0e8 Change e-mail verification to perform a find by UUID on LDAP only when the local and imported users are different 
Closes #41532

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-08-07 15:28:01 -03:00
Jon Koops
1f1ac2fc39
Align TypeScript code with Node.js requirements (#41731) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-07 14:09:28 -04:00
Bruno Oliveira da Silva
7153d8668d Automatically assign issues with observability label to SRE and CN teams 
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>

Closes #41680
 2025-08-07 12:12:25 -03:00
Martin Bartoš
7d8144f433
Wildcard mappers should be implicitly handled and value propagated (#41026) 
* Wildcard mappers should be implicitly handled and value propagated

Closes #40977

Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Include additional mapping only when from() is used

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-07 13:30:51 +00:00
Stan Silvert
3c30c463ea
Assert correct message for base url (#41712) 
Fixes #41711

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-07 08:07:24 -04:00
Pedro Ruivo
ee5607727c Allow setting the number of owners 
Closes  #10875

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-08-07 08:13:15 -03:00
rmartinc
a58556d761 Use Optional instead of getOrDefault for settings in testSMTPConnection 
Closes #41643

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-07 11:26:30 +02:00
Ryan Emerson
907ee2e4e2
High-availability guide restructuring 
* Refactor high-availability guide to include both single and multi cluster architectures

Closes #30095
Closes #41585

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-08-06 18:38:37 +00:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session 
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 14:57:47 -03:00
Weblate (bot)
cce920e1cb
Translations update from Hosted Weblate (#41602) 
* Updated translation for Japanese

Language: ja

Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2025-08-06 19:47:12 +02:00
Jon Koops
a22fb31f6c
Fix broken lockfile and upgrade JS tooling (#41698) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-08-06 14:30:08 -03:00
Pedro Igor
ac632d609e Do not allow setting default values for root attributes 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 13:59:54 -03:00
Pedro Igor
10c510206f Fixing formatting errors 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 13:59:54 -03:00
Pedro Igor
a8997c364f Fixing updating attribute value 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 13:59:54 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Stan Silvert
1af235c4f1
Wait for key generation to finish. (#41684) 
Fixes #41683

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-06 08:41:16 -04:00
dependabot[bot]
2d15033b47
Bump @testing-library/jest-dom from 6.6.3 to 6.6.4 in /js (#41450) 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 6.6.3 to 6.6.4.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/jest-dom/compare/v6.6.3...v6.6.4)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.6.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-06 12:32:49 +00:00
dependabot[bot]
33b9651adc
Bump @types/node from 24.1.0 to 24.2.0 in /js (#41668) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.1.0 to 24.2.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-06 12:29:09 +00:00
dependabot[bot]
5d8b82d95c
Bump lint-staged from 16.1.2 to 16.1.4 in /js (#41633) 
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 16.1.2 to 16.1.4.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lint-staged/lint-staged/compare/v16.1.2...v16.1.4)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.1.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-06 14:07:44 +02:00
dependabot[bot]
ca92aefcfe
Bump chalk from 5.4.1 to 5.5.0 in /js (#41634) 
Bumps [chalk](https://github.com/chalk/chalk) from 5.4.1 to 5.5.0.
- [Release notes](https://github.com/chalk/chalk/releases)
- [Commits](https://github.com/chalk/chalk/compare/v5.4.1...v5.5.0)

---
updated-dependencies:
- dependency-name: chalk
  dependency-version: 5.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-06 14:07:29 +02:00
dependabot[bot]
6ab5881323
Bump fs-extra from 11.3.0 to 11.3.1 in /js (#41687) 
Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra) from 11.3.0 to 11.3.1.
- [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jprichardson/node-fs-extra/compare/11.3.0...11.3.1)

---
updated-dependencies:
- dependency-name: fs-extra
  dependency-version: 11.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-06 14:05:40 +02:00
dependabot[bot]
74300e5c6d
Bump @testing-library/dom from 10.4.0 to 10.4.1 in /js (#41447) 
Bumps [@testing-library/dom](https://github.com/testing-library/dom-testing-library) from 10.4.0 to 10.4.1.
- [Release notes](https://github.com/testing-library/dom-testing-library/releases)
- [Changelog](https://github.com/testing-library/dom-testing-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/testing-library/dom-testing-library/compare/v10.4.0...v10.4.1)

---
updated-dependencies:
- dependency-name: "@testing-library/dom"
  dependency-version: 10.4.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-06 14:05:16 +02:00
dependabot[bot]
64116817b2 Bump vite from 7.0.5 to 7.0.6 in /js 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.5 to 7.0.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.0.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.0.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-06 09:04:28 -03:00
Martin Bartoš
73eb57a7d3
Cannot use dev-file for additional datasources (#41689) 
Closes #41641

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-06 12:01:30 +02:00
Steven Hawkins
c231574d4c
fix: ensuring the ordering of the providers (#41685) 
closes: #41653

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-06 10:06:56 +02:00
AvivGuiser
9feca65665
feat(operator): add support for custom labels in ingress (#41627) 
Signed-off-by: AvivGuiser <avivguiser@gmail.com>
 2025-08-06 09:09:42 +02:00
Steven Hawkins
5731cdf673
fix: correcting how provider default is found (#41678) 
closes: #41677

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-06 08:50:43 +02:00
Martin Bartoš
534a37f356 Remove workaround for PostgreSQL and Liquibase 
Closes #40687

This reverts commit 3a7569662ee6286a9c9138963b0f70beba90a561.

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-05 16:35:25 -03:00
Pedro Igor
6014a0e1a2 Fixing test 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-05 14:14:49 -03:00
statist32
93bcb16b20 Use providerId from class attribute 
Signed-off-by: statist32 <lars_31@hotmail.de>
 2025-08-05 14:14:49 -03:00
statist32
85ad8a3b0d Load declarative component instead of any user profile component 
Signed-off-by: statist32 <lars_31@hotmail.de>
 2025-08-05 14:14:49 -03:00
Steven Hawkins
11924e6473
enhance: adding the ability to get the root config from a Scope 
closes: #36268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-05 18:51:33 +02:00
Steven Hawkins
d3d217e074
fix: showing only the canonical oauth2 property name (#41652) 
closes: #41624

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-05 11:03:27 -04:00
Pedro Ruivo
75afda4104 Ensure cache configuration has correct number of owners 
Closes #41558

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-08-05 15:19:03 +01:00
Stan Silvert
65ba383a26
Using a different attrib name fixes flakiness (#41649) 
Fixes #41648

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-05 10:06:05 -04:00
Pedro Igor
725f1e40f0
Re-enable test for setting the basic info in the account console (#41650) 
Closes #41289

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-05 09:17:11 -04:00
Adham Ahmed Hussein Mahrous
0c2226b4c4 Show transport media for WebAuthn authenticators in Account console 
Closes #10063

Signed-off-by: Adham Ahmed Hussein Mahrous <adhamahmad541@gmail.com>
 2025-08-05 15:03:59 +02:00
Ryan Emerson
50181816b6
Utilise table to display Features 
Closes #41328

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-04 20:14:20 +02:00
Martin Bartoš
0c213c2f3d
Fix formatting issue for Operator Realm Import docs (#41644) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-04 13:55:42 -04:00
Steven Hawkins
a79e603272
fix: cutting down on the memory footprint for import (#41196) 
closes: #40875

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-04 11:02:39 -04:00
Alexander Böhm
9cdbd1cc35
added a non-null check to check whether the to be exported realm exists (#40655) 
* added non-null check for the exported realm like already used in SingleFileExportProvider to have a proper error message in case the realm does not exist

Closes #39122

Signed-off-by: Alexander Böhm <boehm.alexanderb@gmail.com>

* added tests based upon review conversation

Closes #39122

Signed-off-by: Alexander Böhm <boehm.alexanderb@gmail.com>

* updating tests for non existent realm name

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Alexander Böhm <boehm.alexanderb@gmail.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-04 08:42:55 -04:00
Steven Hawkins
f5f93ef6e1
fix: adding the ability to set the ingress tlsSecret (#41426) 
* fix: adding the ability to set the ingress tlsSecret

closes: #34777

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-04 09:28:46 -03:00
Ogen Bertrand
db01ff742b
[OID4VCI] Add support for credential_response_encryption in credential request (#41001) 
Closes #39310
Closes #41031


Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
 2025-08-04 10:44:41 +00:00
mposolda
3cc8808465 Wrap deprecated passkeys authenticator behind the feature 
closes #40696

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-08-01 16:48:57 +02:00
Alexander Schwartz
31495ec7b9
Adjust the test to dynamically remove all sessions 
This will handle even those sessions created by other tests.

Closes #41545

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-01 14:16:49 +02:00
Ricardo Martin
f45280a65d
Add a securing-apps guide with the specifications implemented by keycloak 
Closes #41176

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-01 09:28:37 +00:00
Stan Silvert
eb814bb927
Move flaky test to top so it will run first. (#41599) 
Fixes #41598

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-08-01 11:11:10 +02:00
Takashi Norimatsu
cb4e06b6f8 FAPI 2.0 Security Profile Final - Documentation 
closes #41121

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-01 09:24:30 +02:00
forkimenjeckayang
43610cfa67
[OID4VCI] Update SD-JWT VCs Format Identifier to dc+sd-jwt (#41233) 
Closes #39293

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-08-01 09:13:35 +02:00
Stan Silvert
72bc02c34a
Log retry count for all Playwright runs. (#41472) 
Closes #41471

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-07-31 13:33:31 -04:00
Martin Kanis
235691b6cb
LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and KERBEROS_PRINCIPAL was null on creation 
Closes #41520

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-31 17:28:28 +02:00
Martin Bartoš
37f799ec5f
Upgrade to Quarkus 3.25.0 
Closes #41186

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-31 14:47:25 +02:00
mposolda
2dab73063d Getting error 405 'Method Not Allowed' when calling the 'certs' endpoint with HEAD method 
closes #41537

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-31 14:32:07 +02:00
Björn Eickvonder
c7cc162f6b
Support for RSA Key Size of 3072 
Closes #41551

Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
 2025-07-31 13:30:33 +02:00
Alexander Schwartz
e1b3afb686
Refresh token for an OAuth2 based IDP when retrieving the IDP token 
Closes #14644

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-31 11:11:34 +02:00
Keshav Deshpande
bee7e4b335
Change error to 400 for unknown user (#40939) 
Closes #39079

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
 2025-07-31 10:23:14 +02:00
rmartinc
1f608fae6e Create a new condition for credential type and add it to default flows 
Closes #41354

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-31 10:14:15 +02:00
Oliver
27cd19e68e
add index for user_id and type on event_entity 
Closes #26995

Signed-off-by: Oliver Cremerius <antikalk@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-30 20:52:48 +00:00
Thomas Darimont
97dfbd2c84
Add details about client assertion to event 
Fixes #41405

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-07-30 18:50:27 +00:00
Weblate (bot)
2b019d711e
Translations update from Hosted Weblate (#41506) 
* Updated translation for Georgian

Language: ka

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-07-30 20:44:56 +02:00
Stan Silvert
e82f76aee5
Make fileChooser platform independent. (#41500) 
* Make fileChooser platform independent.

Fixes #41474

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Added node: prefix to imports.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-07-30 13:21:05 -04:00
Jon Koops
1ac1f37508
Use single worker to run tests on CI (#41541) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-07-30 18:09:25 +02:00
Steven Hawkins
e4882f88ef
task: better document property mapping (#40873) 
* task: better document property mapping

closes: #40872

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/PropertyMapper.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* further refinements to the property mapping docs

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 15:36:45 +00:00
Alexander Schwartz
c9943af4f3
Reduce likelihood of multiple coordinators on concurrent startup 
Closes #41290

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-07-30 15:39:44 +02:00
Steven Hawkins
a770204d0e
fix: adjusting the startup of the local api server for ci (#41364) 
closes: #39766

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-30 14:59:30 +02:00
Martin Bartoš
7cdb994ba6
Missing comment generated by Liquibase executor in the custom script (#41490) 
Closes #41299

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 14:05:50 +02:00
Freeda Vales
bcc85c2ff9
Fix: prevent federated users from being listed on initial Users page load 
Ensure that the Users page waits for userProfileProvidersEnabled to be defined
before fetching users. This prevents federated users from being listed by
default on first load, providing a consistent experience and avoiding confusion
when user federation is enabled.

Fixes #41044

Signed-off-by: Freeda Vales <freedavales28@gmail.com>
 2025-07-30 13:37:25 +02:00
Martin Bartoš
57cb321ce0 ExternalLinks are broken in documentation 
Closes #41491

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 11:21:11 +02:00
Martin Bartoš
3243e95c5a Synchronize Maven surefire plugin with Quarkus 
Closes #41488

Co-authored-by: Peter Zaoral <pepo48@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 11:21:11 +02:00
Martin Bartoš
75ade9acef
Require setting DB kind for additional datasources (#41087) 
* Require setting DB kind for additional datasources

Closes #41161

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* refining build time check for db kind to be tolerant of existing usage

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-29 14:48:28 +02:00
Takashi Norimatsu
71f510d115 PAR endpoind does not return an appropriate error regarding a request objec 
closes #41181

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-07-29 14:34:39 +02:00
Martin Bartoš
ae553b10f6
QuarkusTest fetches JARs again when executed (#41483) 
Closes #41466
Closes #41468

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-29 12:31:18 +02:00
Alexander Schwartz
de953a9fae
Close spans in the exceptional path 
Closes #41469

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-29 11:10:47 +02:00
Martin Bartoš
3d5a1038a1
Provide simple HTTP access logs (#41389) 
Closes #41352

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-29 10:55:18 +02:00
Alexander Schwartz
097fe4ab46
Making IDs for configuration options unique 
Closes #41423

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-28 14:57:16 -03:00
Jon Koops
f81e42ada5
Align and optimize Playwright configurations (#41461) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-07-28 10:56:14 -04:00
Weblate (bot)
29d1ea19a0
Translations update from Hosted Weblate (#41420) 
* Updated translation for German

Language: de

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Spanish

Language: es

Co-authored-by: Hernan Lopez <hernan.lopez@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hernan Lopez <hernan.lopez@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hernan Lopez <hernan.lopez@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hernan Lopez <hernan.lopez@gmail.com>
 2025-07-28 16:03:17 +02:00
dependabot[bot]
2aef3615b0 Bump @eslint/js from 9.31.0 to 9.32.0 in /js 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.31.0 to 9.32.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.32.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 09:46:17 -03:00
dependabot[bot]
8852c8e961 Bump eslint from 9.31.0 to 9.32.0 in /js 
Bumps [eslint](https://github.com/eslint/eslint) from 9.31.0 to 9.32.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.31.0...v9.32.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 09:34:41 -03:00
dependabot[bot]
dac226965e Bump github/codeql-action from 3.29.3 to 3.29.4 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.3 to 3.29.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d6bbdef45e...4e828ff8d4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 09:21:40 -03:00
Pedro Ruivo
cf21fa10fd
Update docs how to verify that a cluster has formed 
Closes #40296

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-28 10:01:00 +00:00
秉虎
d2e9b09ebc
Migrate to zh-Hant / zh-Hans for Chinese language 
Closes: #41239

Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Allen <s96016641@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-28 11:47:55 +02:00
Martin Kylian
d97d27f827
Kerberos Server fields now trims whitespace 
Closes #41335

Signed-off-by: Martin Kylián <kylianm@plzen.eu>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kylián <kylianm@plzen.eu>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-28 08:07:52 +00:00
Steven Hawkins
becf9eab4a
fix: removing bouncy castle from the operator (#41428) 
closes: #13959

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-27 08:21:15 -04:00
Steven Hawkins
10947d002f
fix: using localtest.me instead of nip.io 
closes: #40645

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-26 11:36:01 +02:00
Alexander Schwartz
4b51a2ea36
Fix broken anchor for caching docs 
Also shorten the docs as KC is now encrypting by default.

Closes #41421

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-26 10:55:08 +02:00
dependabot[bot]
cc69864ecd
Bump react-i18next from 15.6.0 to 15.6.1 in /js (#41346) 
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 15.6.0 to 15.6.1.
- [Changelog](https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/react-i18next/compare/v15.6.0...v15.6.1)

---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 15.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-25 14:30:50 -04:00
dependabot[bot]
5451cedbd6
Bump typescript-eslint from 8.37.0 to 8.38.0 in /js (#41345) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.37.0 to 8.38.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.38.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-25 14:30:14 -04:00
dependabot[bot]
9a71681c07
Bump @types/node from 24.0.15 to 24.1.0 in /js (#41344) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.15 to 24.1.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-25 14:29:42 -04:00
dependabot[bot]
4b36ab7052
Bump properties-file from 3.5.12 to 3.5.13 in /js (#41343) 
Bumps [properties-file](https://github.com/properties-file/properties-file) from 3.5.12 to 3.5.13.
- [Release notes](https://github.com/properties-file/properties-file/releases)
- [Changelog](https://github.com/properties-file/properties-file/blob/main/CHANGELOG.md)
- [Commits](https://github.com/properties-file/properties-file/compare/3.5.12...3.5.13)

---
updated-dependencies:
- dependency-name: properties-file
  dependency-version: 3.5.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-25 14:29:18 -04:00
Martin Bartoš
6c4e813f59
Upgrade to Quarkus 3.24.5 
Closes #41374

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-24 17:16:33 +02:00
Alexander Schwartz
8d8ed924c4
Setting 'write_data_on_find' to true to ensure merging of views 
Closes #41390

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-24 16:25:08 +02:00
rmartinc
dd17f7d811 Add a test for IdpUsernamePasswordForm in webauthn CI job 
Closes #41259

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-24 10:39:29 -03:00
mposolda
0b98cb7466 Passkeys support in IdpUsernamePasswordForm 
closes #41259

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-24 10:39:29 -03:00
Weblate (bot)
60bf9689ad
Translations update from Hosted Weblate (#41126) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Translated using Weblate (German)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/de/

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>

* Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>

* Updated translation for Italian

Language: it

Updated translation for Italian

Language: it

Translated using Weblate (Italian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/it/

Updated translation for Italian

Language: it

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: EdoardoTona <tona.edoardo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: EdoardoTona <tona.edoardo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Dutch

Language: nl

Updated translation for Dutch

Language: nl

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Updated translation for Spanish

Language: es

Co-authored-by: Hernan Lopez <hernan.lopez@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hernan Lopez <hernan.lopez@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

---------

Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Robin <39960884+robson90@users.noreply.github.com>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: EdoardoTona <tona.edoardo@gmail.com>
Signed-off-by: Hernan Lopez <hernan.lopez@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Robin <39960884+robson90@users.noreply.github.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: EdoardoTona <tona.edoardo@gmail.com>
Co-authored-by: Hernan Lopez <hernan.lopez@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
 2025-07-24 12:52:45 +02:00
Giuseppe Graziano
8fc5664115 Add id token claims to OpenID Provider Metadata claims_supported 
Closes #41170

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-07-24 07:21:45 -03:00
Martin Bartoš
4a23e43e02
Avoid additional execution of Liquibase changelog lock table statement 
Closes #41295

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-24 12:18:25 +02:00
Ryan Emerson
7f5c747aa9
Implement CompatibilityMetadataProvider for DB options 
Closes #41297

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-07-24 10:30:45 +02:00
Stian Thorgersen
b71b1f5fea
Disable tests for specific databases and servers in test framework (#41358) 
Closes #41357

Signed-off-by: stianst <stianst@gmail.com>
 2025-07-24 09:34:15 +02:00
Stan Silvert
e8c4c442c2
Fix add/del bundle test (#41340) 
Fixes #41339

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-07-23 07:40:27 +00:00
Steven Hawkins
8bc141d529
fix: further refining logic and docs around import/export (#40906) 
* fix: further refining logic and docs around import/export

closes: #40874

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update importExport.adoc

* Apply suggestions from code review

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-23 09:34:35 +02:00
Stian Thorgersen
bd676ea845
Test suites config for the new test framework (#41318) 
Closes #41316

Signed-off-by: stianst <stianst@gmail.com>
 2025-07-23 09:23:16 +02:00
Václav Muzikář
50a5d9afe6
Return global scope to @InjectHttpClient (#38586) 
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-07-23 08:54:18 +02:00
dependabot[bot]
be208643f1
Bump @vitejs/plugin-react-swc from 3.10.2 to 3.11.0 in /js (#41275) 
---
updated-dependencies:
- dependency-name: "@vitejs/plugin-react-swc"
  dependency-version: 3.11.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 15:27:04 -04:00
Ricardo Martin
853a99c18d
Disable webauthn buttons after click 
Closes #41037

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-22 15:30:52 +00:00
mposolda
57972d85d3 Update per feedback review 
Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-22 10:00:37 -03:00
mposolda
bba869b3d5 Fixing Re-authentication with passkeys 
closes #41242
closes #41008

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-22 10:00:37 -03:00
dependabot[bot]
30f804af45
Bump i18next from 25.3.1 to 25.3.2 in /js (#41047) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.3.1 to 25.3.2.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.3.1...v25.3.2)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 12:45:36 +00:00
Jon Koops
7d11ac30ea
Fix broken localization tests on Firefox (#41324) 
Closes #41323

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-07-22 12:11:23 +00:00
dependabot[bot]
04940d10ed
Bump eslint-config-prettier from 10.1.5 to 10.1.8 in /js (#41276) 
---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 12:07:32 +00:00
Martin Bartoš
74cfa87f3c
Remove obsolete code for the Liquibase LogHistoryService 
Closes #41229

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-22 13:50:30 +02:00
dependabot[bot]
6de8e2d25c
Bump github/codeql-action from 3.29.2 to 3.29.3 (#41307) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.2 to 3.29.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](181d5eefc2...d6bbdef45e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 13:49:08 +02:00
dependabot[bot]
4bb2c147eb
Bump @types/node from 24.0.12 to 24.0.15 in /js (#41273) 
---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 11:45:31 +00:00
Šimon Vacek
eb000cfbe0
Move ComponentsTest.java to the new testsuite (#41169) 
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-07-22 11:26:06 +00:00
dependabot[bot]
57d26fb228
Bump eslint-plugin-prettier from 5.5.1 to 5.5.3 in /js (#41274) 
---
updated-dependencies:
- dependency-name: eslint-plugin-prettier
  dependency-version: 5.5.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 13:14:50 +02:00
dependabot[bot]
df91059cfe
Bump vite from 7.0.3 to 7.0.5 in /js (#41241) 
---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.0.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-22 13:14:24 +02:00
Ryan Emerson
82dc98a0d9
Document configuration changes that prevent rolling updates 
Closes #41214

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-22 10:38:11 +00:00
Lukas Hanusovsky
d7273e6b1f
Move ConsentsTest.java to the new testsuite (#40323) 
* Moving files to the new test suite

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Move ConsentsTest.java, UserRoleTest.java to the new testsuite

Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-22 12:31:59 +02:00
Alexander Schwartz
7fd3380b19
OpenTelemetry Tracing: Visualize JGroups communication (#39659) 
Closes #39658

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-22 11:51:58 +02:00
Steven Hawkins
98612bbb67
fix: adding group import handling similar to users 
closes: #41235

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-22 09:29:32 +00:00
Stan Silvert
d354b2c337
Let account test pass for now. Follow up with another issue. (#41288) 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-07-22 11:08:31 +02:00
Martin Bartoš
b27213aef5
Remove obsolete Liquibase FK snapshot generator 
Closes #41293

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-22 10:15:33 +02:00
Alexis Rico
15b0f032cd
Fallback to display text consent scopes (#40789) 
Closes #40788

Signed-off-by: Alexis Rico <sferadev@gmail.com>
 2025-07-21 16:46:18 -04:00
Stian Thorgersen
6bf8e1c48f
Update ua-parser to 1.6.1 
Closes #41283

Signed-off-by: stianst <stianst@gmail.com>
 2025-07-21 14:02:52 +02:00
stianst
f7a948fbe7 Add kcw script to Keycloak repository 
Signed-off-by: stianst <stianst@gmail.com>
 2025-07-21 08:57:19 +02:00
Martin Bartoš
6f4af1f390
Upgrade to Quarkus 3.24.4 (#41247) 
Closes #41246

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-21 08:44:48 +02:00
dependabot[bot]
453f97adf0
Bump typescript-eslint from 8.36.0 to 8.37.0 in /js (#41154) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.36.0 to 8.37.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.37.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-18 15:37:22 -04:00
rmartinc
e0bba39da0 Allow configure encryption details for SAML clients 
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-18 20:13:40 +02:00
Ryan Emerson
52b1c1850e
Upgrade to Infinispan 15.0.18.Final 
Closes #41257

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-18 16:26:50 +00:00
Martin Bartoš
a7019c638f
Remove workaround for handling Syslog counting framing (#40989) 
Closes #40683

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-18 17:01:10 +02:00
Steven Hawkins
6c7be65456
fix: refine test for rolling (#41254) 
closes: #41204

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-18 15:05:23 +02:00
Martin Bartoš
744e031019
Provide DB SQL options support for additional datasources (#41223) 
* Provide DB SQL options support for additional datasources

Closes #41222

Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Rename resultNamedKey to namedKey

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-18 08:13:55 +00:00
Takashi Norimatsu
631aebd848 FAPI 2.0 Final - only accept its issuer identifier value as a string in the aud claim received in client authentication assertions 
closes #41119

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-07-18 08:26:21 +02:00
Jon Koops
225b693c10
Stabilize flow duplication modal to avoid test failures (#41218) 
Closes #41216

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-07-17 16:42:16 -04:00
Ryan Emerson
52a83509dc
Default jdbc-ping cluster setup for distributed caches fails in Oracle 
* Add DatabaseConfig to TestDatabase so the underlying DB can be
  configured per test
* Allow DB initScripts to be configured by tests

Closes #40784
Closes #41105

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-17 15:57:25 +00:00
Martin Kanis
85b494ec51
Review and update the documentation regarding the UPDATE EMAIL feature 
Closes #40226

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-17 15:27:09 +00:00
SoMin Park
0ebf87920b
docs: hide Containerfile note in product docs 
Closes #41029

Signed-off-by: Somin Park <ps4708@naver.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-17 15:02:00 +00:00
Martin Bartoš
8d77dfaf72
Improve handling of datasource name specified in persistence.xml files (#41194) 
Closes #41192

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-17 16:06:00 +02:00
Ryan Emerson
7ea7c2dcc4
Document spi-user-sessions--infinispan--use-batches 
Closes #41219

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-17 12:41:53 +00:00
Stan Silvert
bfd725d851
Only view svc acct users on exact search 
Closes #41103

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-07-17 09:22:46 +02:00
Martin Bartoš
0b402f47fe
Fix typo for MDC enabled property in logging guide (#41212) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-17 09:05:36 +02:00
SoMin Park
0d71b4ebe8
DOC: Explain Containerfile usage and fix docker build example (#41213) 
Closes #41029

Signed-off-by: Somin Park <ps4708@naver.com>
 2025-07-17 08:28:15 +02:00
dependabot[bot]
6c777403ed
Bump rollup from 4.44.2 to 4.45.1 in /js (#41179) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.44.2 to 4.45.1.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.44.2...v4.45.1)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.45.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 15:14:47 -04:00
dependabot[bot]
cfc1562485
Bump eslint from 9.30.1 to 9.31.0 in /js (#41132) 
Bumps [eslint](https://github.com/eslint/eslint) from 9.30.1 to 9.31.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.30.1...v9.31.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 15:13:46 -04:00
dependabot[bot]
7907019ca3
Bump @playwright/test from 1.53.2 to 1.54.1 in /js (#41131) 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.53.2 to 1.54.1.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.53.2...v1.54.1)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.54.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 15:13:15 -04:00
dependabot[bot]
71899976d3
Bump @eslint/js from 9.30.1 to 9.31.0 in /js (#41129) 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.30.1 to 9.31.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.31.0/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.31.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 15:12:51 -04:00
dependabot[bot]
46e26175b3
Bump chai from 5.2.0 to 5.2.1 in /js (#41015) 
Bumps [chai](https://github.com/chaijs/chai) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](https://github.com/chaijs/chai/compare/v5.2.0...v5.2.1)

---
updated-dependencies:
- dependency-name: chai
  dependency-version: 5.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 15:11:59 -04:00
dependabot[bot]
a61146c911
Bump react-i18next from 15.5.3 to 15.6.0 in /js (#40909) 
---
updated-dependencies:
- dependency-name: react-i18next
  dependency-version: 15.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-16 15:11:26 -04:00
Jon Koops
c12d0c958a
Fix client scope assigned type test (#41198) 
Closes #41195

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-07-16 14:52:13 -04:00
Ryan Emerson
4bb02305c3
Implement CompatibilityMetadataProvider for Cache CLI args 
Closes #41138

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-16 19:52:51 +02:00
Björn Eickvonder
d62d5030fe
Adds log context information for MDC for realm, users, etc. 
Closes #39812

Signed-off-by: Björn Eickvonder <b.eicki@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-16 17:46:46 +02:00
Alexander Schwartz
180745b65f
Fix em-dash in SPI options in the docs 
Closes #41152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-16 12:18:09 -03:00
Pedro Igor
87f30a6285
Adding a config to the UPDATE_EMAIL action to force users to verify email 
Closes #32569

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-16 16:21:08 +02:00
Ryan Emerson
0a745d6aeb
Allow Features to declare that they support Rolling upgrades 
Closes #41022

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-16 12:10:29 +02:00
Martin Bartoš
265364bffe
Upgrade to Quarkus 3.24.3 (#41173) 
Closes #41172

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-16 07:43:22 +00:00
Takashi Norimatsu
f00cd980c4 Add FAPI 2.0 + DPoP security profile as default profile of client policies 
closes #35441

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-07-16 09:30:11 +02:00
Lukas Hanusovsky
788e981917 Move UserTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-16 08:13:30 +02:00
Andreas Kozadinos
5c930c1f73
Bug Fix: Blank Tab in Client Registration Access Policies (#41143) 
Closes #41140

Signed-off-by: Andreas Kozadinos <koza-sparrow@hotmail.com>
 2025-07-15 14:09:32 -04:00
Steven Hawkins
b6b1731181
fix: adding a release note for http-management-scheme and operator (#41144) 
handling

closes: #40945

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-15 19:21:40 +02:00
Martin Bartoš
23c301f2ed
Upgrade to the Quarkus 3.24.2 version (#40867) 
Closes #40592

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-15 16:15:03 +02:00
Stan Silvert
15c83f8722
Add pagination to user idp links. (#41068) 
* Add pagination to user idp links.

Fixes #40818

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Update js/apps/admin-ui/src/user/UserIdentityProviderLinks.tsx

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Update js/apps/admin-ui/src/user/UserIdentityProviderLinks.tsx

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Refactor

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Refactor for useFetch instead of useEffect

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2025-07-15 09:32:01 -04:00
Steven Hawkins
cf7c9a6ecd
fix: prevent quarkus from persisting logging runtime defaults (#41005) 
* fix: ensures that build time logging wildcards are not used at runtime

closes: #40977

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: removing the usage of ConfigValue.getRawValue where not appropriate

closes:

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* correcting auto logging tests

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-15 14:09:12 +02:00
Lukas Hanusovsky
5e805ac6b3 Move UserStorageRestTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-15 13:39:32 +02:00
Lukas Hanusovsky
2145830d57 Moving files to the new test suite 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-15 13:39:32 +02:00
Lukas Hanusovsky
17beaa1359 Migrate FineGrainAdminUnitTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-15 13:38:03 +02:00
dependabot[bot]
4fd047c58e Bump github/codeql-action from 3.29.0 to 3.29.2 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.0 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ce28f5bb42...181d5eefc2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 19:11:54 -03:00
dependabot[bot]
bcde7954eb Bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.31.0 to 0.32.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](76071ef0d7...dc5a429b52)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 18:58:21 -03:00
dependabot[bot]
80a2b4401b Bump snyk/actions 
Bumps [snyk/actions](https://github.com/snyk/actions) from cdb760004ba9ea4d525f2e043745dfe85bb9077e to 28606799782bc8e809f4076e9f8293bc4212d05e.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](cdb760004b...2860679978)

---
updated-dependencies:
- dependency-name: snyk/actions
  dependency-version: 28606799782bc8e809f4076e9f8293bc4212d05e
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 18:57:25 -03:00
Pedro Igor
d5206b61f6 Update email feature only enabled if the required action is enabled at the realm 
Closes #41045

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-14 16:31:15 -03:00
Steven Hawkins
be6ba05444
fix: using unversioned key in docs (#41142) 
closes: #40959

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-14 18:11:24 +02:00
秉虎
21878c164d
Update Traditional Chinese locale to latest version 
Closes #41151

Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-14 17:49:39 +02:00
Lukas Hanusovsky
660a4aa48a Move IdentityProviderTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-14 15:55:50 +02:00
Lukas Hanusovsky
21d033dc3a Moving files to the new test suite 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-14 15:55:50 +02:00
Lukas Hanusovsky
73aa3e9c18 Move IllegalAdminUpgradeTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-14 14:31:59 +02:00
Erik Jan de Wit
f979a6fe92
added erik as maintainer dutch language (#41141) 
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-14 12:06:39 +00:00
Lukas Hanusovsky
d2b45373d3 Move PartialImportTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-14 14:00:17 +02:00
Steven Hawkins
2397ff9b8e
fix: providing a single property to declare management interface as http (#41089) 
closes: #40945

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-14 12:54:22 +02:00
forkimenjeckayang
a3441689e9
[OID4VCI] OpenID for Verifiable Credentials support in client settings (#39385) 
Closes #32967

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>


Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2025-07-14 11:47:10 +02:00
Lukas Hanusovsky
cabd7cd474 Move ConcurrencyTest.java, AbstractConcurrencyTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-14 11:10:54 +02:00
Weblate (bot)
adae1bbcb1
Translations update from Hosted Weblate (#41017) 
* Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>

* Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: William Oprandi <william.oprandi@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: William Oprandi <william.oprandi@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: William Oprandi <william.oprandi@gmail.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: William Oprandi <william.oprandi@gmail.com>
 2025-07-12 09:44:45 +02:00
Pedro Igor
03a95ef395 Selected client ID is a string and not an array 
Closes #41080

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-11 15:43:18 -03:00
Giuseppe Graziano
2f36276ff0
Remove FGAP:v1 from external-internal token exchange (#40938) 
Closes #40855

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-07-11 17:42:47 +02:00
Pedro Ruivo
cf0b3c542a
Add SRE maintainers team to CODEOWNERS 
Closes #41111

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-11 16:25:11 +02:00
mposolda
274afa88fa Add option 'Requires short state parameter' to OIDC IDP 
closes #40237

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-11 16:17:03 +02:00
Ricardo Martin
164274ac51
Check if PK for DATABASECHANGELOG already exists 
Closes #41082

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-11 16:06:08 +02:00
Stian Thorgersen
8a694a585b
Add generic update methods for builders (#40312) 
Closes #40311

Signed-off-by: stianst <stianst@gmail.com>
 2025-07-11 09:03:28 +02:00
Pedro Ruivo
5219a331b9
Skip computing lifespan for read-only sessions 
Fixes #40980

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-07-10 20:40:28 +02:00
Pedro Igor
919554e6fc
Resolve organization when scope is requested and the user is a member or the email domain matches the organization 
Closes #39864

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-10 20:38:47 +02:00
Pedro Igor
88069cd5fb
Mark user session for removal when the user bound to cannot be resolved 
Closes #40398

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-10 20:37:18 +02:00
Sylvere Richard
173471a1c9 Fix #40995 avoid ModelException: At least one condition should be provided to OR query 
Closes #40995
Signed-off-by: Sylvere Richard <sylvere.richard@gmail.com>
 2025-07-10 15:34:02 -03:00
Stian Thorgersen
efd1ffd244
Increase timeout when publishing to Maven Central (#41051) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-07-10 20:30:04 +02:00
Pascal Knüppel
f39a37d8d1
[OID4VCI] Move realm attributes to clientScope and protocol-mappers (#39768) 
fixes #39527


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-07-10 14:46:36 +02:00
Steven Hawkins
66ffce6661
fix: restricting lookup of existing resources to current owner (#40985) 
closes: #40932

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-10 11:04:04 +00:00
Pedro Ruivo
21eda2ae7a
Improve logging for client sessions load 
Closes #41034

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-07-10 10:08:27 +00:00
rmartinc
e631ef4f92 Remove /etc/system-fips file before executing fips-mode-setup 
Closes #41038

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-10 09:02:37 +02:00
Martin Kanis
5a42390341 Make UPDATE_EMAIL a supported feature 
Closes #40227

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-09 10:15:48 -03:00
michael.cordingley
20a4dc283b Generate a UUID to be the JTI instead of reusing the nonce. 
Signed-off-by: michael.cordingley <michael.cordingley@upstart.com>
 2025-07-09 13:15:17 +02:00
forkimenjeckayang
beb4be6b32
[OID4VCI] : Update Credential Issuer Metadata Model for OID4VCI Draft-15 (#40749) 
Closes #39290

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-07-09 11:41:17 +02:00
Håvar Nøvik
9d41092944 BUGFIX: session limit exceeded for both client & realm 
This commit fixes a bug the wrong user session is removed if the user session limit
for realm and client is exceeded at the same time.

Closes #38016

Signed-off-by: Håvar Nøvik <havar@novik.email>
 2025-07-09 11:37:55 +02:00
rmartinc
900d8c7400 Changing default passwordless webauthn policy to follow recommended values in the documentation 
Closes #40792

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-09 11:34:28 +02:00
rmartinc
6b050776bc Set client in the session context for logout token encode 
Closes #40984

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-09 10:50:05 +02:00
rmartinc
d62114e50e Do not add steps if feature disabled in default flows 
Allow login if a step is disabled even the authenticator is not enabled by profile
Closes #40954

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-09 10:44:36 +02:00
dependabot[bot]
966aab5585
Bump @types/node from 24.0.10 to 24.0.12 in /js (#41016) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.10 to 24.0.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-09 08:00:32 +00:00
vramik
332c9b6e4a Fix NPE when accessing group concurrently 
Closes #40368

Signed-off-by: vramik <vramik@redhat.com>
 2025-07-08 16:13:54 -03:00
Ogen Bertrand
e92b825a14
[OID4VCI]: Add a unique notification_id generation to OID4VCIssuerEndpoint used in CredentialResponse. (#40229) 
closes #39284

Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
 2025-07-08 19:57:31 +02:00
Alexander Schwartz
2e613dea27
Rework floating promises to avoid concurrency side effects 
Closes #40739

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
 2025-07-08 19:43:15 +02:00
dependabot[bot]
70f4acdf43
Bump vite from 7.0.0 to 7.0.2 in /js (#40953) 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.0 to 7.0.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.0.2/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 15:44:22 +00:00
dependabot[bot]
d3e4c88836
Bump i18next from 25.3.0 to 25.3.1 in /js (#40950) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.3.0 to 25.3.1.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.3.0...v25.3.1)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 15:38:16 +00:00
dependabot[bot]
905e526c2d
Bump rollup from 4.44.1 to 4.44.2 in /js (#40951) 
Bumps [rollup](https://github.com/rollup/rollup) from 4.44.1 to 4.44.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.44.1...v4.44.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-version: 4.44.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 16:46:54 +02:00
dependabot[bot]
1df6a60f46
Bump react-hook-form from 7.59.0 to 7.60.0 in /js (#40952) 
Bumps [react-hook-form](https://github.com/react-hook-form/react-hook-form) from 7.59.0 to 7.60.0.
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](https://github.com/react-hook-form/react-hook-form/compare/v7.59.0...v7.60.0)

---
updated-dependencies:
- dependency-name: react-hook-form
  dependency-version: 7.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 16:46:29 +02:00
dependabot[bot]
93501839f6
Bump typescript-eslint from 8.35.1 to 8.36.0 in /js (#40986) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.35.1 to 8.36.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.36.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.36.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 16:40:08 +02:00
dependabot[bot]
f974ead889
Bump vite-plugin-checker from 0.9.3 to 0.10.0 in /js (#40987) 
Bumps [vite-plugin-checker](https://github.com/fi3ework/vite-plugin-checker) from 0.9.3 to 0.10.0.
- [Release notes](https://github.com/fi3ework/vite-plugin-checker/releases)
- [Changelog](https://github.com/fi3ework/vite-plugin-checker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fi3ework/vite-plugin-checker/compare/vite-plugin-checker@0.9.3...vite-plugin-checker@0.10.0)

---
updated-dependencies:
- dependency-name: vite-plugin-checker
  dependency-version: 0.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-08 16:39:30 +02:00
rmartinc
70f0731b21 Make passkeys feature dependent on web_authn 
Closes #40975

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-08 13:59:43 +02:00
Michal Hajas
aafcb60da8
Update MAINTAINERS.md (#40800) 
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-07-08 13:46:58 +02:00
Weblate (bot)
0e52770387
Translations update from Hosted Weblate (#40979) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Romanian

Language: ro

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Liviu Roman <contact@liviuroman.com>

* Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Translated using Weblate (Japanese)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ja/

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>

* Updated translation for Dutch

Language: nl

Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Spanish

Language: es

Co-authored-by: Hernan Lopez <hernan.lopez@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hernan Lopez <hernan.lopez@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Update translation files

Updated by "Remove blank strings" hook in Weblate.

Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Updated translation for Georgian

Language: ka

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>

---------

Signed-off-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Liviu Roman <contact@liviuroman.com>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
Signed-off-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Hernan Lopez <hernan.lopez@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Co-authored-by: Felipe Zorzo <felipe.b.zorzo@gmail.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Liviu Roman <contact@liviuroman.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Co-authored-by: Hernan Lopez <hernan.lopez@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
 2025-07-08 09:58:52 +02:00
Ryan Emerson
f0c623598e
Run clustering compatibility tests on release/x.y branches 
Closes #39966

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-07 21:08:11 +02:00
Pedro Ruivo
9322d71d61
UserSession Offline removed from DB if not in cache 
Fixes #40754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-07 20:52:06 +02:00
Alexis Rico
c834e7473c
Fix typo in consent scope) 
* Deprecate `displayTest`

Closes #40786

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-07 16:38:47 +00:00
Steven Hawkins
d74e71e5ed
fix: streamlining the client scope update (#40808) 
closes: #40805

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-07 17:57:39 +02:00
Alexander Schwartz
0077b27c1f
Update documentation when no rolling update is performed 
Closes #40962

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-07 17:50:02 +02:00
Steven Hawkins
193ab471c1
fix: correcting to use the X-Forwarded-Proto header (#40905) 
close: #40903

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-07 17:07:47 +02:00
vramik
114afee7f1 Use MgmtPermissionsV2 by default 
Closes #40192

Signed-off-by: vramik <vramik@redhat.com>
 2025-07-07 11:07:21 -03:00
Steven Hawkins
eba4934950
fix: correcting spi-theme options 
closes: #40930

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-07 13:18:24 +00:00
forkimenjeckayang
2aca97bd19
Remove interval property from Credential Offer (#40412) 
Closes #39294

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-07-07 13:55:39 +02:00
forkimenjeckayang
178b893492
Always Return Array of Credentilas for Credential Responses (#40409) 
Closes #39283

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>


Co-authored-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2025-07-07 13:53:28 +02:00
Ryan Emerson
eb7ce6ae15
Provide CLI Parameters for jgroups.* options 
Closes #40481

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-07 13:07:45 +02:00
mkrueger92
b70342dda7 Fix NPE when client is not set in context during token encoding 
This commit fixes an issue throwing an NPE when trying to encode a token without having a client set in the session context. In other places in this class (like getSignatureAlgorithm(String)) this is checked. But in the type(TokenCategory) it was forgotten to check.
 2025-07-07 13:01:25 +02:00
Alexander Schwartz
05d0c34681
Automatically connect to a writer instance of PostgreSQL (#40384) 
Closes #40383

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-04 16:46:49 +02:00
mposolda
47ca339656 More secure call of Facebook debug token 
closes #40926

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-04 14:44:56 +02:00
Ryan Emerson
f8f561a435
Check cluster is correctly formed in ClusteredKeycloakServer 
Closes #40858

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-07-04 09:12:51 +00:00
Steven Hawkins
919838089f
fix: detecting when we can set the serviceName (#40894) 
closes: #40890

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-04 09:03:42 +02:00
Barathwaja S
81a7f38a76 Added emailVerified filtering for users endpoint; updated user count endpoint with logic to support enabled, emailVerified, idpAlias, idpUserId, and exact field query parameters 
Closes #38556
Closes #29295

Signed-off-by: Barathwaja S <sbarathwaj4@gmail.com>
 2025-07-03 17:05:36 -03:00
Jon Koops
89af7fe56d
Remove myself from the Dutch language maintainers (#40893) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-07-03 21:24:33 +02:00
Michael-AT-Corporation
ff9e7c2371 Added new searchByAttributes function to UsersResource with the exact parameter 
Closes #39609

Signed-off-by: Michael-AT-Corporation <michael-hu@ooutlook.de>
 2025-07-03 13:51:46 -03:00
Mircea Talu
c315762883
Allow host:port syntax for --debug in kc.sh (#39924) 
* Allow host:port syntax for --debug in kc.sh

Loosen the --debug argument parsing in kc.sh to accept full host:port
addresses (e.g. 0.0.0.0:8787 or *:8787) in addition to plain port
numbers. This enables JDWP to bind to all container interfaces when
running Keycloak in Docker, without requiring manual JAVA_OPTS overrides
or script edits.

Closes #38924

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Handle IPv6 address in --debug parameter in kc.sh

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Handle both bare and bracketed IPv6 addresses in kc.sh --debug parameter

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Handle corner cases in kc.sh --debug parameter IPv6 address handling

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Simplify kc.sh --debug parameter parsing, assume bracketed IPv6 addresses

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Remove final else case to avoid consuming following parameters

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Standardize indentation in kc.bat script

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Allow host:port syntax for --debug in kc.bat

Signed-off-by: mircea.talu <talumircea13@gmail.com>

* Add documentation for host:port usage in --debug parameter

Signed-off-by: mircea.talu <talumircea13@gmail.com>

---------

Signed-off-by: mircea.talu <talumircea13@gmail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-03 12:34:17 -04:00
mposolda
c52edc853d Verification of external OIDC token by introspection-endpoint. Adding ExternalInternalTokenExchangeV2Test 
closes #40167
closes #40198

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-03 16:23:13 +02:00
Weblate (bot)
7fd37690c4
Updated translation for Japanese (#40801) 
Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Updated translation for Japanese

Language: ja

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Kohei Tamura <ktamura.biz.80@gmail.com>
Co-authored-by: Kohei Tamura <ktamura.biz.80@gmail.com>
 2025-07-02 21:15:27 +02:00
Ryan Emerson
7eef7697e6
Upgrade to Infinispan 15.0.16.Final 
Closes #40851

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-02 17:53:10 +02:00
rmartinc
6535ae687e Only include new fields for key generation if not useFile 
Closes #40860

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-02 15:37:44 +02:00
dependabot[bot]
5937b28efa
Bump @eslint/js from 9.30.0 to 9.30.1 in /js (#40848) 
Bumps [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) from 9.30.0 to 9.30.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.30.1/packages/js)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.30.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-02 08:46:14 -04:00
dependabot[bot]
dbaf529f79
Bump eslint from 9.30.0 to 9.30.1 in /js (#40847) 
Bumps [eslint](https://github.com/eslint/eslint) from 9.30.0 to 9.30.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.30.0...v9.30.1)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.30.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-02 08:45:51 -04:00
dependabot[bot]
8ceb935b9a
Bump @faker-js/faker from 9.8.0 to 9.9.0 in /js (#40846) 
Bumps [@faker-js/faker](https://github.com/faker-js/faker) from 9.8.0 to 9.9.0.
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](https://github.com/faker-js/faker/compare/v9.8.0...v9.9.0)

---
updated-dependencies:
- dependency-name: "@faker-js/faker"
  dependency-version: 9.9.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-02 08:02:13 -04:00
dependabot[bot]
d0dddf239c
Bump @types/node from 24.0.8 to 24.0.10 in /js (#40845) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.8 to 24.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-02 08:01:48 -04:00
dependabot[bot]
83fd565b13
Bump typescript-eslint from 8.35.0 to 8.35.1 in /js (#40816) 
Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.35.0 to 8.35.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.35.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.35.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-02 08:01:14 -04:00
Martin Bartoš
b8ce83772b
Mark options for additional datasources as preview (#40839) 
* Mark options for additional datasources as preview

Closes #40838

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-26_3_1.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-07-02 10:46:45 +00:00
Steven Hawkins
9dff965e9b
fix: consolidating profile logic and refactoring Picocli (#38514) 
moves more logic onto the commands

closes: #38581

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-02 11:45:31 +02:00
Steven Hawkins
3760e726cd
fix: map just logging env wildcards to . (#40834) 
* fix: map just logging env wildcards to .

closes: #40833

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* updates based upon review comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-07-02 10:06:29 +02:00
dependabot[bot]
877b9968a1
Bump i18next from 25.2.1 to 25.3.0 in /js (#40815) 
Bumps [i18next](https://github.com/i18next/i18next) from 25.2.1 to 25.3.0.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v25.2.1...v25.3.0)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-01 14:11:09 -04:00
dependabot[bot]
b8832db63a
Bump @types/dagre from 0.7.52 to 0.7.53 in /js (#40814) 
Bumps [@types/dagre](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/dagre) from 0.7.52 to 0.7.53.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dagre)

---
updated-dependencies:
- dependency-name: "@types/dagre"
  dependency-version: 0.7.53
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-01 14:10:43 -04:00
dependabot[bot]
ed4559c786
Bump @types/node from 24.0.4 to 24.0.8 in /js (#40813) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.0.4 to 24.0.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-01 14:10:17 -04:00
dependabot[bot]
48c050cbc3
Bump tar-fs from 3.0.10 to 3.1.0 in /js (#40812) 
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 3.0.10 to 3.1.0.
- [Commits](https://github.com/mafintosh/tar-fs/compare/v3.0.10...v3.1.0)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-01 10:47:41 -04:00
dependabot[bot]
c6b9a6543a
Bump @playwright/test from 1.53.1 to 1.53.2 in /js (#40810) 
Bumps [@playwright/test](https://github.com/microsoft/playwright) from 1.53.1 to 1.53.2.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](https://github.com/microsoft/playwright/compare/v1.53.1...v1.53.2)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.53.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-01 10:47:13 -04:00
dependabot[bot]
57d53ec584
Bump eslint from 9.29.0 to 9.30.0 in /js (#40780) 
---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.30.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-01 10:46:34 -04:00
Martin Bartoš
41dcad59f6
test: Provide test cases for datasources ENV vars handling (#40760) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-01 15:34:26 +02:00
Giuseppe Graziano
886c592422 Verification of external GitHub token via "check token" endpoint 
Closes #40164

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-07-01 15:03:49 +02:00
mposolda
daba8ad53f Improve javadoc for admin-client methods with injecting own resteasyClient 
closes #40231

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-01 14:53:28 +02:00
Pedro Igor
2a9f4336c3
Updating upgrading guide about changes in user-profile-commons.ftl template 
Closes #39562

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-01 13:11:23 +02:00
Steven Hawkins
c9f38d36a9
fix: reducing memory footprint for cached entries 
closes: #35932

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-06-30 18:18:29 +00:00
Alexis Rico
9aab6ac73e
Add Xata to ADOPTERS.md (#40802) 
Signed-off-by: Alexis Rico <me@sferadev.com>
 2025-06-30 19:32:32 +02:00
Martin Bartoš
664827de98
Unable to configure TLS reloading in Keycloak version 26.2.0 or later (#40790) 
Closes #40713

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-06-30 18:58:03 +02:00
6330 changed files with 194231 additions and 71062 deletions
Show Stats Expand all files Collapse all files

1
.editorconfig
View File

@ -10,3 +10,4 @@ insert_final_newline = true
ij_java_use_single_class_imports = true
ij_java_class_count_to_use_import_on_demand = 999
ij_java_names_count_to_use_import_on_demand = 999
ij_java_imports_layout = java.**,javax.**,|,jakarta.**,|,org.keycloak.**,|,*,|,$jakarta.**,$java.**,javax.**,|,$org.keycloak.**,|,$*

11
.github/CODEOWNERS vendored
View File

@ -40,6 +40,7 @@
/docs/guides/server/ @keycloak/cloud-native-maintainers @keycloak/maintainers
/docs/guides/operator/ @keycloak/cloud-native-maintainers @keycloak/maintainers
/integration/client-cli/admin-cli/ @keycloak/cloud-native-maintainers @keycloak/maintainers
/rest/admin-v2/ @keycloak/cloud-native-maintainers @keycloak/maintainers
###################################################################################################
# UI (@keycloak/ui-maintainers)
@ -50,3 +51,13 @@
/js/**/messages_*.properties @keycloak/ui-maintainers @keycloak/maintainers
/adapters/oidc/js/ @keycloak/ui-maintainers @keycloak/maintainers
/rest/admin-ui-ext/ @keycloak/ui-maintainers @keycloak/maintainers
###################################################################################################
# SRE (@keycloak/sre-maintainers)
###################################################################################################
/model/infinispan/ @keycloak/sre-maintainers @keycloak/maintainers
/tests/clustering/ @keycloak/sre-maintainers @keycloak/maintainers
/test-framework/clustering/ @keycloak/sre-maintainers @keycloak/maintainers
/docs/guides/high-availability/ @keycloak/sre-maintainers @keycloak/maintainers
/docs/guides/observability/ @keycloak/sre-maintainers @keycloak/maintainers

2
.github/ISSUE_TEMPLATE/bug.yml vendored
View File

@ -1,6 +1,7 @@
name: Bug Report
description: Report a non-security sensitive bug in Keycloak
labels: ["kind/bug", "status/triage"]
type: bug
body:
- type: checkboxes
attributes:
@ -48,6 +49,7 @@ body:
- infinispan
- ldap
- login/ui
- observability
- oidc
- oid4vc
- operator

39
.github/ISSUE_TEMPLATE/enhancement.yml vendored
View File

@ -1,12 +1,34 @@
name: Enhancement Request
description: Request an enhancement to an existing feature
labels: ["kind/enhancement", "status/triage"]
type: enhancement
body:
- type: textarea
id: description
attributes:
label: Description
description: Describe the enhancement at a high-level.
description: Describe the enhancement at a high-level
validations:
required: true
- type: textarea
id: value_proposition
attributes:
label: Value Proposition
description: Describe what value the enhancement brings
validations:
required: true
- type: textarea
id: goals
attributes:
label: Goals
description: Describe what the enhancement should provide
validations:
required: true
- type: textarea
id: non_goals
attributes:
label: Non-Goals
description: Describe what the enhancement should not provide, or is out of scope
validations:
required: true
- type: input
@ -16,20 +38,13 @@ body:
description: |
If there has been a discussion around the enhancement, provide a link to the discussion.
Please note that larger enhancements should be discussed through [GitHub Discussion](https://github.com/keycloak/keycloak/discussions/categories/ideas).
Please note that all, except small requests, should be discussed through [GitHub Discussion](https://github.com/keycloak/keycloak/discussions/categories/ideas).
validations:
required: false
- type: textarea
id: motivation
id: notes
attributes:
label: Motivation
description: Describe why the feature should be added.
validations:
required: false
- type: textarea
id: details
attributes:
label: Details
description: More details? Implementation ideas? Anything that will give us more context about the enhancement you are proposing!
label: Notes
description: Design ideas? Implementation ideas? Anything that will give us more context about the enhancement you are proposing!
validations:
required: false

36
.github/ISSUE_TEMPLATE/epic.yml vendored
View File

@ -1,36 +0,0 @@
name: Epic
description: A large feature that is broken down into multiple linked issues.
labels: ["kind/epic", "status/triage"]
body:
- type: textarea
id: description
attributes:
label: Description
description: Describe the feature at a high-level.
validations:
required: true
- type: input
id: discussion
attributes:
label: Discussion
description: |
Provide a link to the GitHub Discussion for the feature.
validations:
required: true
- type: textarea
id: issues
attributes:
label: Issues
description: List the issues related to this epic.
placeholder: |
- #1
- #2
validations:
required: false
- type: textarea
id: motivation
attributes:
label: Motivation
description: Provide a brief explanation of why the feature should be added.
validations:
required: false

35
.github/ISSUE_TEMPLATE/feature.yml vendored
View File

@ -1,12 +1,34 @@
name: Feature Request
description: Request a new feature to be added to Keycloak
labels: ["kind/feature", "status/triage"]
type: feature
body:
- type: textarea
id: description
attributes:
label: Description
description: Describe the feature at a high-level.
description: Describe the feature at a high-level
validations:
required: true
- type: textarea
id: value_proposition
attributes:
label: Value Proposition
description: Describe what value the feature brings
validations:
required: true
- type: textarea
id: goals
attributes:
label: Goals
description: Describe what capabilities the feature should provide
validations:
required: true
- type: textarea
id: non_goals
attributes:
label: Non-Goals
description: Describe capabilities the feature should not provide, or is out of scope
validations:
required: true
- type: input
@ -20,16 +42,9 @@ body:
validations:
required: false
- type: textarea
id: motivation
id: notes
attributes:
label: Motivation
description: Describe why the feature should be added.
validations:
required: false
- type: textarea
id: details
attributes:
label: Details
label: Notes
description: Design ideas? Implementation ideas? Anything that will give us more context about the feature you are proposing!
validations:
required: false

33
.github/ISSUE_TEMPLATE/milestone.yml vendored Normal file
View File

@ -0,0 +1,33 @@
name: Milestone
description: Milestones are used to break up larger features
labels: ["kind/milestone", "status/triage"]
type: milestone
body:
- type: textarea
id: description
attributes:
label: Description
description: Describe the milestone at a high-level
validations:
required: true
- type: textarea
id: goals
attributes:
label: Goals
description: Describe what capabilities the milestone should provide
validations:
required: true
- type: textarea
id: non_goals
attributes:
label: Non-Goals
description: Describe capabilities the milestone should not provide, or is out of scope
validations:
required: true
- type: textarea
id: notes
attributes:
label: Notes
description: Design ideas? Implementation ideas? Anything that will give us more about the milestone
validations:
required: false

1
.github/ISSUE_TEMPLATE/task.yml vendored
View File

@ -1,6 +1,7 @@
name: Task
description: Any tasks that are not directly adding a new feature, enhancement or fixing a bug
labels: ["kind/task"]
type: task
body:
- type: textarea
id: description

46
.github/actions/archive-surefire-reports/action.yml vendored
View File

@ -1,46 +0,0 @@
name: Archive Surefire reports
description: It will upload and archive surefire reports per particular test run.
inputs:
job-id:
description: 'Id of the particular job run.'
required: true
release-branches:
description: 'List of all related release branches (in JSON format)'
required: false
default: '["refs/heads/release/22.0","refs/heads/release/24.0","refs/heads/release/26.0"]'
keep-days:
description: 'For how many days to store the particular artifact.'
required: false
default: 1
runs:
using: composite
steps:
- id: find-surefire-reports-linux
name: Find Surefire reports directories
if: runner.os == 'Linux'
shell: bash
run: |
echo "dirs<<EOF" >> $GITHUB_OUTPUT
echo "$(find ~+ -type d -not -empty -name surefire-reports*)" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- id: find-surefire-reports-win
name: Find Surefire reports directories
if: runner.os == 'Windows'
shell: bash
run: |
echo "dirs<<EOF" >> $GITHUB_OUTPUT
echo "$(find ~+ -type d -not -empty -name surefire-reports* | sed 's@/d@D:@')" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
- id: upload-surefire-linux
name: Upload Surefire reports
if: (!cancelled() && contains(fromJSON(inputs.release-branches), github.ref) && contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name))
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: surefire-${{ inputs.job-id }}
path: |
${{ steps.find-surefire-reports-linux.outputs.dirs }}
${{ steps.find-surefire-reports-win.outputs.dirs }}
retention-days: ${{ inputs.keep-days }}

102
.github/actions/azure-create-database/action.yml vendored Normal file
View File

@ -0,0 +1,102 @@
name: Create Azure SQL Database
description: Create Azure SQL Database
inputs:
name:
description: 'The name prefix for the Azure SQL resources'
required: true
region:
description: 'The Azure region used to host the SQL server'
required: true
admin-user:
description: 'The admin username for the SQL server'
required: false
default: 'sqladmin'
db-user:
description: 'The db username for the Keycloak DB'
required: false
default: 'keycloak'
admin-password:
description: 'Override admin password (auto-generated if not provided)'
required: false
db-password:
description: 'Override DB password (auto-generated if not provided)'
required: false
subscription:
description: 'Azure subscription ID'
required: true
outputs:
endpoint:
description: 'The Endpoint URL for SQL clients to connect to'
value: ${{ steps.create.outputs.endpoint }}
db:
description: 'Database name'
value: ${{ steps.create.outputs.db }}
username:
description: 'DB user principal'
value: ${{ steps.create.outputs.username }}
runs:
using: "composite"
steps:
- name: Generate secure passwords
id: generate-passwords
shell: bash
run: |
# Generate passwords using OpenSSL
generate_password() {
openssl rand -base64 48 | tr -d '\n/' | head -c 32
}
# Use provided passwords or generate random ones
if [[ -n "${{ inputs.admin-password }}" ]]; then
ADMIN_PASSWORD="${{ inputs.admin-password }}"
echo "INFO: Using provided admin password"
else
ADMIN_PASSWORD=$(generate_password)
echo "INFO: Using generated admin password"
fi
if [[ -n "${{ inputs.db-password }}" ]]; then
DB_PASSWORD="${{ inputs.db-password }}"
echo "INFO: Using provided DB password"
else
DB_PASSWORD=$(generate_password)
echo "INFO: Using generated DB password"
fi
# Mask passwords
echo "::add-mask::$ADMIN_PASSWORD"
echo "::add-mask::$DB_PASSWORD"
# Export to environment for subsequent steps
{
echo "AZURE_ADMIN_PASSWORD=$ADMIN_PASSWORD"
echo "AZURE_DB_PASSWORD=$DB_PASSWORD"
} >> $GITHUB_ENV
- name: Install sqlcmd (mssql-tools)
shell: bash
run: |
sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install -y curl apt-transport-https gnupg
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
curl https://packages.microsoft.com/config/ubuntu/22.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list
sudo apt-get update
sudo ACCEPT_EULA=Y apt-get install -y mssql-tools unixodbc-dev
echo "/opt/mssql-tools/bin" >> $GITHUB_PATH
- id: create
shell: bash
run: |
./azure_create_sql.sh
working-directory: .github/scripts/azure/sql
env:
AZURE_NAME: ${{ inputs.name }}
AZURE_REGION: ${{ inputs.region }}
AZURE_SUBSCRIPTION: ${{ inputs.subscription }}
AZURE_ADMIN_PASSWORD: ${{ env.AZURE_ADMIN_PASSWORD }}
AZURE_ADMIN_USER: ${{ inputs.admin-user }}
AZURE_DB_PASSWORD: ${{ env.AZURE_DB_PASSWORD }}
AZURE_DB_USER: ${{ inputs.db-user }}

6
.github/actions/conditional/action.yml vendored
View File

@ -34,6 +34,9 @@ outputs:
codeql-javascript:
description: Should "codeql-analysis.yml / javascript" execute
value: ${{ steps.changes.outputs.codeql-javascript }}
codeql-actions:
description: Should "codeql-analysis.yml / GitHub Actions" execute
value: ${{ steps.changes.outputs.codeql-actions }}
codeql-typescript:
description: Should "codeql-analysis.yml / typescript" execute
value: ${{ steps.changes.outputs.codeql-typescript }}
@ -46,6 +49,9 @@ outputs:
sssd:
description: Should "sssd.yml" execute
value: ${{ steps.changes.outputs.sssd }}
admin-v2:
description: Should Admin v2 tests execute
value: ${{ steps.changes.outputs.admin-v2 }}
runs:
using: composite

8
.github/actions/conditional/conditions vendored
View File

@ -11,9 +11,13 @@
.github/workflows/ci.yml ci ci-quarkus ci-store ci-sssd ci-webauthn
.github/workflows/operator-ci.yml operator
.github/workflows/js-ci.yml js
.github/workflows/codeql-analysis.yml codeql-java codeql-javascript codeql-typescript
.github/workflows/codeql-analysis.yml codeql-java codeql-javascript codeql-typescript codeql-actions
.github/codeql/codeql-config-javascript.yml codeql-javascript
.github/codeql/codeql-config-typescript.yml codeql-typescript
.github/workflows/guides.yml guides
.github/workflows/documentation.yml documentation
.github/workflows/*.yml codeql-actions
.github/actions/**/*.yml codeql-actions
.mvn/ ci ci-quarkus ci-store ci-sssd ci-webauthn operator js codeql-java codeql-javascript codeql-typescript guides documentation
mvnw ci ci-quarkus ci-store ci-sssd ci-webauthn operator js codeql-java codeql-javascript codeql-typescript guides documentation
@ -55,3 +59,5 @@ js/libs/ui-shared/ ci ci-webauthn
*.tsx codeql-typescript
testsuite::database-suite ci-store
rest/admin-v2/ admin-v2

36
.github/actions/corepack-setup/action.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: Setup Corepack
description: Sets up and caches the Corepack tools to speed up the build.
runs:
using: composite
steps:
- name: Enable Corepack
shell: bash
run: corepack enable
- id: cache-key
name: Generate key for tools cache
shell: bash
working-directory: js
run: echo "key=corepack-tools-$(jq -r '.packageManager' package.json)" >> $GITHUB_OUTPUT
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
id: cache
name: Cache Corepack tools
with:
# See: https://github.com/nodejs/corepack?tab=readme-ov-file#offline-workflow
path: ./js/corepack.tgz
key: ${{ runner.os }}-${{ steps.cache-key.outputs.key }}
- name: Install Corepack tools from cache
if: steps.cache.outputs.cache-hit == 'true'
shell: bash
working-directory: js
run: corepack install -g --cache-only ./corepack.tgz
- name: Package Corepack tools
if: steps.cache.outputs.cache-hit != 'true'
shell: bash
working-directory: js
run: corepack pack

13
.github/actions/maven-cache/action.yml vendored
View File

@ -3,7 +3,7 @@ description: Caches Maven artifacts
inputs:
create-cache-if-it-doesnt-exist:
description: >
description: >
Only those callers which fill the cache with the right contents should set this to true to avoid creating a cache
which contains too few or too many entries.
required: false
@ -24,10 +24,14 @@ runs:
with:
# Two asterisks are needed to make the follow-up exclusion work
# see https://github.com/actions/toolkit/issues/713 for the upstream issue
#
# Hybrid cache strategy: Use an OS-specific key for writing, but allow fallback to a cross-OS cache for reading.
path: |
~/.m2/repository/*/*
!~/.m2/repository/org/keycloak
key: ${{ steps.weekly-cache-key.outputs.key }}
key: mvn-${{ runner.os }}-${{ steps.weekly-cache-key.outputs.key }}
restore-keys: |
mvn--${{ steps.weekly-cache-key.outputs.key }}
# Enable cross-os archive use the cache on both Linux and Windows
enableCrossOsArchive: true
@ -37,10 +41,13 @@ runs:
if: inputs.create-cache-if-it-doesnt-exist == 'false'
with:
# This needs to repeat the same path pattern as above to find the matching cache
# Hybrid cache strategy used again
path: |
~/.m2/repository/*/*
!~/.m2/repository/org/keycloak
key: ${{ steps.weekly-cache-key.outputs.key }}
key: mvn-${{ runner.os }}-${{ steps.weekly-cache-key.outputs.key }}
restore-keys: |
mvn--${{ steps.weekly-cache-key.outputs.key }}
enableCrossOsArchive: true
- shell: bash

7
.github/actions/pnpm-setup/action.yml vendored
View File

@ -5,7 +5,7 @@ inputs:
node-version:
description: Node.js version
required: false
default: "22"
default: "24"
runs:
using: composite
@ -16,9 +16,8 @@ runs:
node-version: ${{ inputs.node-version }}
check-latest: true
- name: Enable Corepack
shell: bash
run: corepack enable
- name: Setup Corepack
uses: ./.github/actions/corepack-setup
- name: PNPM store cache
uses: ./.github/actions/pnpm-store-cache

81
.github/actions/prunsrv-setup/action.yml vendored Normal file
View File

@ -0,0 +1,81 @@
name: Setup Apache Commons Daemon (Procrun)
description: Download and cache Apache Commons Daemon prunsrv.exe for Windows service tests
inputs:
version:
description: Apache Commons Daemon version (leave empty for latest)
required: false
default: ""
outputs:
prunsrv-path:
description: Path to the prunsrv.exe executable
value: ${{ steps.setup.outputs.prunsrv-path }}
version:
description: The resolved Apache Commons Daemon version
value: ${{ steps.resolve-version.outputs.version }}
runs:
using: composite
steps:
- name: Resolve latest version
id: resolve-version
shell: pwsh
run: |
$inputVersion = "${{ inputs.version }}"
if ([string]::IsNullOrWhiteSpace($inputVersion)) {
Write-Host "No version specified, detecting latest version from Apache downloads..."
$indexUrl = "https://downloads.apache.org/commons/daemon/binaries/windows/"
$response = Invoke-WebRequest -Uri $indexUrl -UseBasicParsing
# Parse the HTML to find the zip file and extract version
$match = [regex]::Match($response.Content, 'commons-daemon-(\d+\.\d+\.\d+)-bin-windows\.zip')
if ($match.Success) {
$version = $match.Groups[1].Value
Write-Host "Detected latest version: $version"
} else {
Write-Error "Could not detect latest version from Apache downloads page"
exit 1
}
} else {
$version = $inputVersion
Write-Host "Using specified version: $version"
}
echo "version=$version" >> $env:GITHUB_OUTPUT
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
id: cache
name: Cache Apache Commons Daemon
with:
path: ${{ runner.temp }}/commons-daemon
key: commons-daemon-${{ steps.resolve-version.outputs.version }}-windows-amd64
- name: Download Apache Commons Daemon
if: steps.cache.outputs.cache-hit != 'true'
shell: pwsh
run: |
$version = "${{ steps.resolve-version.outputs.version }}"
$downloadUrl = "https://downloads.apache.org/commons/daemon/binaries/windows/commons-daemon-${version}-bin-windows.zip"
$zipPath = Join-Path "${{ runner.temp }}" "commons-daemon.zip"
$extractPath = Join-Path "${{ runner.temp }}" "commons-daemon"
Write-Host "Downloading Apache Commons Daemon $version from $downloadUrl"
Invoke-WebRequest -Uri $downloadUrl -OutFile $zipPath -UseBasicParsing
Write-Host "Extracting to $extractPath"
Expand-Archive -Path $zipPath -DestinationPath $extractPath -Force
Remove-Item $zipPath -Force
- name: Setup environment
id: setup
shell: pwsh
run: |
$prunsrvPath = "${{ runner.temp }}/commons-daemon/amd64/prunsrv.exe"
if (-not (Test-Path $prunsrvPath)) {
Write-Error "prunsrv.exe not found at $prunsrvPath"
exit 1
}
Write-Host "Apache Commons Daemon prunsrv.exe found at: $prunsrvPath"
echo "COMMONS_DAEMON_HOME=${{ runner.temp }}/commons-daemon/amd64" >> $env:GITHUB_ENV
echo "prunsrv-path=$prunsrvPath" >> $env:GITHUB_OUTPUT

85
.github/actions/run-store-tests/action.yml vendored Normal file
View File

@ -0,0 +1,85 @@
name: Store IT
description: Run Store integration tests
inputs:
db:
description: The database to use for tests
required: true
runs:
using: composite
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run new base tests
shell: bash
run: |
KC_TEST_DATABASE=${{ inputs.db }} KC_TEST_DATABASE_REUSE=true TESTCONTAINERS_REUSE_ENABLE=true ./mvnw package -f tests/pom.xml -Dtest=DatabaseTestSuite -Dkeycloak.distribution.start.timeout=360
- name: Database container port
shell: bash
run: |
# The Ryuk container process exists temporarily after the JVM terminates, wait for only the database container to remain
while [ "$(docker ps -q | wc -l)" -ne 1 ]; do
docker ps
sleep 10
done
DATABASE_PORT=$(docker ps -l --format '{{ .ID }}' | xargs docker port | cut -d ':' -f 2)
echo "DATABASE_PORT=$DATABASE_PORT" >> $GITHUB_ENV
- name: Run base tests
shell: bash
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh database`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} \
-Pauth-server-quarkus -Pdb-${{ inputs.db }} \
"-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" \
-Dtest=$TESTS \
-Ddocker.database.skip=true \
-Ddocker.database.port=$DATABASE_PORT \
-Ddocker.container.testdb.ip=localhost \
-Dkeycloak.distribution.start.timeout=360 \
-pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Run cluster JDBC_PING2 UDP smoke test
shell: bash
run: |
./mvnw test ${{ env.SUREFIRE_RETRY }} \
-Pauth-server-cluster-quarkus \
-Pdb-${{ inputs.db }} \
-Dtest=RealmInvalidationClusterTest \
-Dsession.cache.owners=2 \
-Dauth.server.quarkus.cluster.stack=jdbc-ping-udp \
-Ddocker.database.skip=true \
-Ddocker.database.port=$DATABASE_PORT \
-Ddocker.container.testdb.ip=localhost \
-pl testsuite/integration-arquillian/tests/base \
2>&1 | misc/log/trimmer.sh
- name: Run cluster JDBC_PING2 TCP smoke test
shell: bash
run: |
./mvnw test ${{ env.SUREFIRE_RETRY }} \
-Pauth-server-cluster-quarkus \
-Pdb-${{ inputs.db }} \
-Dtest=RealmInvalidationClusterTest \
-Dsession.cache.owners=2 \
-Dauth.server.quarkus.cluster.stack=jdbc-ping \
-Ddocker.database.skip=true \
-Ddocker.database.port=$DATABASE_PORT \
-Ddocker.container.testdb.ip=localhost \
-pl testsuite/integration-arquillian/tests/base \
2>&1 | misc/log/trimmer.sh
- uses: ./.github/actions/upload-flaky-tests
name: Upload flaky tests
env:
GH_TOKEN: ${{ github.token }}
with:
job-name: Store IT

6
.github/actions/update-hosts/action.yml vendored
View File

@ -1,5 +1,5 @@
name: Update /etc/hosts
description: Update /etc/hosts file to hardcode known nip.io hostnames. This is to avoid test instability due to DNS resolution issues.
description: Update /etc/hosts file to hardcode known hostnames. This is to avoid test instability due to DNS resolution issues.
runs:
using: composite
@ -10,7 +10,7 @@ runs:
if: runner.os == 'Linux'
shell: bash
run: |
printf "\n\n$(cat .github/actions/update-hosts/nipio-hosts)" | sudo tee -a /etc/hosts
printf "\n\n$(cat .github/actions/update-hosts/hosts)" | sudo tee -a /etc/hosts
- id: update-hosts-windows
name: Update C:\Windows\System32\drivers\etc\hosts
@ -18,4 +18,4 @@ runs:
shell: powershell
run: |
"`n`n" | Add-Content C:\Windows\System32\drivers\etc\hosts
Get-Content .github/actions/update-hosts/nipio-hosts | Add-Content C:\Windows\System32\drivers\etc\hosts
Get-Content .github/actions/update-hosts/hosts | Add-Content C:\Windows\System32\drivers\etc\hosts

2
.github/actions/update-hosts/hosts vendored Normal file
View File

@ -0,0 +1,2 @@
127.0.0.1 localtest.me admin.localtest.me localhost-myapp.localtest.me localhost-sso.localtest.me realmFrontend.localtest.me proxy.kc.localtest.me
::1 localtest.me admin.localtest.me localhost-myapp.localtest.me localhost-sso.localtest.me realmFrontend.localtest.me proxy.kc.localtest.me

2
.github/actions/update-hosts/nipio-hosts vendored
View File

@ -1,2 +0,0 @@
127.0.0.1 localtest.me 127.0.0.1.nip.io admin.127.0.0.1.nip.io localhost-myapp.127.0.0.1.nip.io localhost-sso.127.0.0.1.nip.io realmFrontend.127.0.0.1.nip.io proxy.kc.127.0.0.1.nip.io
::1 localtest.me 127.0.0.1.nip.io admin.127.0.0.1.nip.io localhost-myapp.127.0.0.1.nip.io localhost-sso.127.0.0.1.nip.io realmFrontend.127.0.0.1.nip.io proxy.kc.127.0.0.1.nip.io

17
.github/actions/upload-heapdumps/action.yml vendored
View File

@ -1,17 +0,0 @@
name: Upload JVM Heapdumps
description: Upload JVM Heapdumps
runs:
using: composite
steps:
- id: upload-jvm-heapdumps
name: Upload JVM Heapdumps
# Windows runners are running into https://github.com/actions/upload-artifact/issues/240
if: runner.os != 'Windows'
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: jvm-heap-dumps
path: |
'**/java_pid*.hprof'
!distribution/**
if-no-files-found: ignore

3
.github/codeql/codeql-config-javascript.yml vendored Normal file
View File

@ -0,0 +1,3 @@
paths-ignore:
# This file is invalid on purpose for testing. Exclude it to prevent an "Unexpected token" error in CodeQL being reported.
- testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers-deployment/src/main/resources/scripts/test-bad-script-mapper3.js

3
.github/codeql/codeql-config-typescript.yml vendored Normal file
View File

@ -0,0 +1,3 @@
paths-ignore:
# This file is invalid on purpose for testing. Exclude it to prevent an "Unexpected token" error in CodeQL being reported.
- testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers-deployment/src/main/resources/scripts/test-bad-script-mapper3.js

31
.github/dependabot.yml vendored
View File

@ -2,22 +2,32 @@ version: 2
updates:
- package-ecosystem: github-actions
directory: /
open-pull-requests-limit: 999
rebase-strategy: disabled
schedule:
interval: daily
time: "00:00"
interval: weekly
day: "sunday"
time: "03:00"
timezone: Etc/GMT
open-pull-requests-limit: 10 # It's wise to keep this low even with grouping
rebase-strategy: disabled
labels:
- area/dependencies
- area/ci
groups:
actions-dependencies: # This name will be used in the PR title
patterns:
- "*"
update-types:
- "minor"
- "patch"
- package-ecosystem: npm
directory: js
schedule:
interval: daily
time: "00:00"
interval: weekly
day: "thursday"
time: "03:00"
timezone: Etc/GMT
open-pull-requests-limit: 999
open-pull-requests-limit: 10 # It's wise to keep this low even with grouping
rebase-strategy: disabled
labels:
- area/dependencies
@ -35,3 +45,10 @@ updates:
update-types: ["version-update:semver-major"]
- dependency-name: "react-router-dom"
update-types: ["version-update:semver-major"]
groups:
npm-dependencies: # This name will be used in the PR title
patterns:
- "*"
update-types:
- "minor"
- "patch"

88
.github/scripts/ansible/azure_vm_manager.sh vendored Executable file
View File

@ -0,0 +1,88 @@
#!/usr/bin/env bash
set -euo pipefail
# Usage: ./azure_vm_manager.sh <create|delete> <region> <cluster_name>
ACTION=${1:-}
REGION=${2:-}
CLUSTER=${3:-}
if [[ -z "$ACTION" || -z "$REGION" || -z "$CLUSTER" ]]; then
echo "Usage: $0 <create|delete> <region> <cluster_name>"
exit 1
fi
SSH_KEY="$CLUSTER"_"$REGION"
ADMIN_USER="azureuser"
VM_SIZE="Standard_D2s_v5"
IMAGE="Ubuntu2404"
if [[ "$ACTION" == "create" ]]; then
# 1. Resource group (created via idempotent command)
az group create --name "$CLUSTER" --location "$REGION"
# 2. SSH key
if [[ ! -f "${SSH_KEY}" ]]; then
ssh-keygen -t rsa -b 2048 -f "${SSH_KEY}" -N ""
fi
# 3. Network security group
az network nsg create --resource-group "$CLUSTER" --name "$CLUSTER-nsg"
az network nsg rule create --resource-group "$CLUSTER" --nsg-name "$CLUSTER-nsg" --name Allow-SSH --protocol Tcp --priority 1000 --destination-port-range 22 --access Allow --direction Inbound
# 4. Public IP
az network public-ip create --resource-group "$CLUSTER" --name "$CLUSTER-pip" --allocation-method Static
# 5. Virtual network
az network vnet create --resource-group "$CLUSTER" --name "$CLUSTER-vnet" --address-prefix 10.0.0.0/16
# 6. Subnet
az network vnet subnet create --resource-group "$CLUSTER" --vnet-name "$CLUSTER-vnet" --name "$CLUSTER-subnet" --address-prefix 10.0.0.0/24
# 7. Network interface
az network nic create --resource-group "$CLUSTER" --name "$CLUSTER-nic" --vnet-name "$CLUSTER-vnet" --subnet "$CLUSTER-subnet" --network-security-group "$CLUSTER-nsg" --public-ip-address "$CLUSTER-pip"
# 8. VM
az vm create \
--resource-group "$CLUSTER" \
--name "$CLUSTER-vm" \
--nics "$CLUSTER-nic" \
--image "$IMAGE" \
--size "$VM_SIZE" \
--admin-username "$ADMIN_USER" \
--ssh-key-values "${SSH_KEY}.pub" \
--authentication-type ssh \
--no-wait
# 9. Wait for VM IP
az vm wait --created --resource-group "$CLUSTER" --name "$CLUSTER-vm"
VM_IP=$(az network public-ip show --resource-group "$CLUSTER" --name "$CLUSTER-pip" --query ipAddress -o tsv)
# 10. Wait for SSH
for i in {1..30}; do
if nc -z "$VM_IP" 22; then break; fi
sleep 5
done
# 11. Create inventory file with both host and group
cat > "${CLUSTER}_${REGION}_inventory.yml" <<EOF
all:
hosts:
keycloak:
ansible_host: $VM_IP
ansible_user: $ADMIN_USER
ansible_ssh_private_key_file: ${SSH_KEY}
children:
keycloak_group:
hosts:
keycloak:
EOF
echo "VM provisioned. Inventory: ${CLUSTER}_${REGION}_inventory.yml"
elif [[ "$ACTION" == "delete" ]]; then
az group delete --name "$CLUSTER" --yes --no-wait
echo "Resource group $CLUSTER deletion initiated."
else
echo "Unknown action: $ACTION"
exit 2
fi

2
.github/scripts/ansible/keycloak.yml vendored
View File

@ -1,2 +1,2 @@
- hosts: keycloak
roles: [keycloak_ec2_installer]
roles: [keycloak_remote_installer]

2
.github/scripts/ansible/keycloak_ec2_installer.sh → .github/scripts/ansible/keycloak_remote_installer.sh vendored
View File

@ -11,6 +11,6 @@ CLUSTER_NAME=$2
KEYCLOAK_SRC=$3
MAVEN_ARCHIVE=$4
ansible-playbook -i ${CLUSTER_NAME}_${REGION}_inventory.yml keycloak.yml \
ansible-playbook -vvvv -i ${CLUSTER_NAME}_${REGION}_inventory.yml keycloak.yml \
-e "keycloak_src=\"${KEYCLOAK_SRC}\"" \
-e "maven_archive=\"${MAVEN_ARCHIVE}\""

2
.github/scripts/ansible/mvn.yml vendored
View File

@ -1,2 +1,2 @@
- hosts: keycloak
roles: [mvn_ec2_runner]
roles: [mvn_remote_runner]

0
.github/scripts/ansible/mvn_ec2_runner.sh → .github/scripts/ansible/mvn_remote_runner.sh vendored
View File

2
.github/scripts/ansible/roles/keycloak_ec2_installer/README.md → .github/scripts/ansible/roles/keycloak_remote_installer/README.md vendored
View File

@ -1,4 +1,4 @@
# Ansible Role `keycloak_ec2_installer`
# Ansible Role `keycloak_remote_installer`
Ansible role for installing Keycloak sources and build dependencies on remote nodes.

2
.github/scripts/ansible/roles/keycloak_ec2_installer/defaults/main.yml → .github/scripts/ansible/roles/keycloak_remote_installer/defaults/main.yml vendored
View File

@ -1,5 +1,3 @@
# This should match the user in the *_inventory.yml
ansible_ssh_user: ec2-user
# Workspace on the remote hosts
kc_home: /opt/keycloak
m2_home: ~/.m2

22
.github/scripts/ansible/roles/keycloak_ec2_installer/tasks/install.yml → .github/scripts/ansible/roles/keycloak_remote_installer/tasks/install.yml vendored
View File

@ -4,8 +4,26 @@
name: "*"
state: latest
- name: Install Java {{ java_version }} packages on the remote hosts
when: install_java
- name: Update apt cache on Ubuntu/Debian
when: ansible_os_family == 'Debian'
apt:
update_cache: yes
- name: Install Java {{ java_version }} packages on Ubuntu/Debian
when:
- install_java
- ansible_os_family == 'Debian'
package:
name:
- "openjdk-{{ java_version }}-jdk"
- "openjdk-{{ java_version }}-jre"
state: present
- name: Install Java {{ java_version }} packages on RedHat/Amazon
when:
- install_java
- ansible_os_family != 'Debian'
package:
name:
- "java-{{ java_version }}-openjdk"

0
.github/scripts/ansible/roles/keycloak_ec2_installer/tasks/main.yml → .github/scripts/ansible/roles/keycloak_remote_installer/tasks/main.yml vendored
View File

2
.github/scripts/ansible/roles/mvn_ec2_runner/README.md → .github/scripts/ansible/roles/mvn_remote_runner/README.md vendored
View File

@ -1,4 +1,4 @@
# Ansible Role `mvn_ec2_runner`
# Ansible Role `mvn_remote_runner`
Ansible role for executing `mvn` commands against a Keycloak src on a remote node.

0
.github/scripts/ansible/roles/mvn_ec2_runner/defaults/main.yml → .github/scripts/ansible/roles/mvn_remote_runner/defaults/main.yml vendored
View File

0
.github/scripts/ansible/roles/mvn_ec2_runner/tasks/main.yml → .github/scripts/ansible/roles/mvn_remote_runner/tasks/main.yml vendored
View File

0
.github/scripts/ansible/roles/mvn_ec2_runner/tasks/run.yml → .github/scripts/ansible/roles/mvn_remote_runner/tasks/run.yml vendored
View File

63
.github/scripts/azure/sql/README.md vendored Normal file
View File

@ -0,0 +1,63 @@
# Azure SQL Automation
This folder contains scripts, a composite action, and Ansible helpers to:
- Create an Azure SQL Server + database and the Keycloak DB user
- Provision an Azure VM and run Maven/Keycloak tasks on it (Ansible role)
---
## Prerequisites
Make sure that your Azure subscription is registered to use the `Microsoft.Sql` resource provider in order to create SQL resources. You can do this via the Azure Portal or Azure CLI:
```bash
# Ensure correct subscription is selected
az account set --subscription <your-subscription-id>
# Check registration status
az provider show --namespace Microsoft.Sql --query registrationState -o table
# Register the provider
az provider register --namespace Microsoft.Sql
```
---
## Files
### Azure-specific scripts
- **`azure_common.sh`** - Shared defaults and environment checks
- **`azure_create_sql.sh`** - Create resource group, server, database and DB user using Azure CLI + sqlcmd
- **`azure_vm_manager.sh`** - CLI wrapper to create/delete Azure VM and produce inventory via Ansible
### Common files shared with EC2 automation
- **`mvn_remote_runner.sh`** - Runs the existing `mvn.yml` Ansible playbook against the created Azure or EC2 VM
- **`keycloak_remote_installer.sh`** - Shell script that runs the Ansible playbook to install Keycloak on the provisioned VM
- **Ansible playbooks and roles** - Under `.github/scripts/ansible/roles/`
---
## GitHub Secrets and Configuration
### Required Secret
**`AZURE_CREDENTIALS`** *(required)* - Service principal JSON used by the `azure/login` action
Create via Azure CLI:
```bash
az ad sp create-for-rbac \
--name "keycloak-ci" \
--role contributor \
--scopes /subscriptions/<your-subscription-id> \
--sdk-auth
```
### Optional Variables (override defaults)
- **`AZURE_ADMIN_USER`** - SQL Server admin username *(default: `sqladmin`)*
- **`AZURE_DB_USER`** - Keycloak database username *(default: `keycloak`)*
### Optional Secrets (override auto-generated passwords)
- **`AZURE_ADMIN_PASSWORD`** - SQL Server admin password *(default: auto-generated)*
- **`AZURE_DB_PASSWORD`** - Keycloak database user password *(default: auto-generated)*

26
.github/scripts/azure/sql/azure_common.sh vendored Executable file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -e
if [[ "$RUNNER_DEBUG" == "1" ]]; then
set -x
fi
function requiredEnv() {
for ENV in $@; do
if [ -z "${!ENV}" ]; then
echo "${ENV} variable must be set"
exit 1
fi
done
}
requiredEnv AZURE_NAME AZURE_REGION AZURE_ADMIN_PASSWORD AZURE_DB_PASSWORD
SCRIPT_DIR=${SCRIPT_DIR:-$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )}
export AZURE_RG=${AZURE_RG:-"${AZURE_NAME}-rg"}
export AZURE_ADMIN_USER=${AZURE_ADMIN_USER:-"sqladmin"}
export AZURE_ADMIN_PASSWORD=${AZURE_ADMIN_PASSWORD}
export AZURE_DB=${AZURE_DB:-"keycloakdb"}
export AZURE_DB_USER=${AZURE_DB_USER:-"keycloak"}
export AZURE_DB_PASSWORD=${AZURE_DB_PASSWORD}
export AZURE_ALLOW_ALL_FIREWALL=${AZURE_ALLOW_ALL_FIREWALL:-"true"}

65
.github/scripts/azure/sql/azure_create_sql.sh vendored Executable file
View File

@ -0,0 +1,65 @@
#!/usr/bin/env bash
set -e
if [[ "$RUNNER_DEBUG" == "1" ]]; then
set -x
fi
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
source ${SCRIPT_DIR}/azure_common.sh
requiredEnv AZURE_SUBSCRIPTION AZURE_ADMIN_USER AZURE_DB_USER
# Login is expected to be done by the workflow via az login with service principal
# Resource group (created via idempotent command)
echo "Creating resource group ${AZURE_RG} in ${AZURE_REGION}"
az group create --name ${AZURE_RG} --location ${AZURE_REGION} --subscription ${AZURE_SUBSCRIPTION}
echo "Creating SQL server ${AZURE_NAME}-sqlsrv"
az sql server create \
--name ${AZURE_NAME}-sqlsrv \
--resource-group ${AZURE_RG} \
--location ${AZURE_REGION} \
--admin-user ${AZURE_ADMIN_USER} \
--admin-password "${AZURE_ADMIN_PASSWORD}" \
--subscription ${AZURE_SUBSCRIPTION}
echo "Creating database ${AZURE_DB}"
az sql db create \
--resource-group ${AZURE_RG} \
--server ${AZURE_NAME}-sqlsrv \
--name ${AZURE_DB} \
--service-objective Basic \
--subscription ${AZURE_SUBSCRIPTION}
if [ "${AZURE_ALLOW_ALL_FIREWALL}" = "true" ]; then
echo "Allowing Azure services and current IP (0.0.0.0) - use with caution"
az sql server firewall-rule create --resource-group ${AZURE_RG} --server ${AZURE_NAME}-sqlsrv --name AllowAll --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0 --subscription ${AZURE_SUBSCRIPTION}
fi
# Create login in master and then create user in the database
# Wait until server is provisioned
echo "Waiting for SQL server to be provisioned..."
for i in {1..30}; do
state=$(az sql server show --name ${AZURE_NAME}-sqlsrv --resource-group ${AZURE_RG} --subscription ${AZURE_SUBSCRIPTION} --query "state" -o tsv || echo "")
if [ "${state}" = "Ready" ] || [ -z "${state}" ]; then
break
fi
echo "server state=${state}, retrying..."
sleep 5
done
ENDPOINT="${AZURE_NAME}-sqlsrv.database.windows.net"
ADMIN_USER_FULL="${AZURE_ADMIN_USER}@${AZURE_NAME}-sqlsrv"
echo "Creating login ${AZURE_DB_USER} in master via sqlcmd"
PASS_ESCAPED=${AZURE_DB_PASSWORD//\'/''}
sqlcmd -S ${ENDPOINT} -U "${ADMIN_USER_FULL}" -P "${AZURE_ADMIN_PASSWORD}" -d master -Q "IF EXISTS (SELECT 1 FROM sys.sql_logins WHERE name = '${AZURE_DB_USER}') BEGIN ALTER LOGIN [${AZURE_DB_USER}] WITH PASSWORD='${PASS_ESCAPED}'; END ELSE BEGIN CREATE LOGIN [${AZURE_DB_USER}] WITH PASSWORD='${PASS_ESCAPED}'; END"
echo "Creating user ${AZURE_DB_USER} in database ${AZURE_DB} and adding db_owner"
sqlcmd -S ${ENDPOINT} -U "${ADMIN_USER_FULL}" -P "${AZURE_ADMIN_PASSWORD}" -d ${AZURE_DB} -Q "IF NOT EXISTS (SELECT name FROM sys.database_principals WHERE name = '${AZURE_DB_USER}') BEGIN CREATE USER [${AZURE_DB_USER}] FOR LOGIN [${AZURE_DB_USER}]; END; IF NOT EXISTS (SELECT 1 FROM sys.database_role_members drm JOIN sys.database_principals r ON drm.role_principal_id = r.principal_id JOIN sys.database_principals m ON drm.member_principal_id = m.principal_id WHERE r.name = 'db_owner' AND m.name='${AZURE_DB_USER}') BEGIN ALTER ROLE db_owner ADD MEMBER [${AZURE_DB_USER}]; END"
echo "endpoint=${ENDPOINT}" >> $GITHUB_OUTPUT
echo "db=${AZURE_DB}" >> $GITHUB_OUTPUT
echo "username=${AZURE_DB_USER}@${AZURE_NAME}-sqlsrv" >> $GITHUB_OUTPUT

9
.github/scripts/find-modules-with-unit-tests.sh vendored Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash -e
find . -path '**/src/test/java' -type d \
| grep -v -E '\./(docs|distribution|misc|operator|((.+/)?tests)|testsuite|test-framework|quarkus)/' \
| sed 's|/src/test/java||' \
| sed 's|./||' \
| sort \
| tr '\n' ',' \
| sed 's/,$//'

8
.github/scripts/run-fips-it.sh vendored
View File

@ -1,5 +1,6 @@
#!/bin/bash -x
rm -f /etc/system-fips
dnf install -y java-21-openjdk-devel
fips-mode-setup --enable --no-bootcfg
fips-mode-setup --is-enabled
@ -7,8 +8,10 @@ if [ $? -ne 0 ]; then
exit 1
fi
STRICT_OPTIONS=""
TESTSUITE_NAME="FipsNonStrictTestSuite"
if [ "$1" = "strict" ]; then
STRICT_OPTIONS="-Dauth.server.fips.mode=strict -Dauth.server.supported.keystore.types=BCFKS -Dauth.server.keystore.type=bcfks -Dauth.server.supported.rsa.key.sizes=2048,4096"
STRICT_OPTIONS="-Dauth.server.fips.mode=strict -Dauth.server.supported.keystore.types=BCFKS -Dauth.server.keystore.type=bcfks -Dauth.server.supported.rsa.key.sizes=2048,3072,4096"
TESTSUITE_NAME="FipsStrictTestSuite"
fi
echo "STRICT_OPTIONS: $STRICT_OPTIONS"
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/suite.sh fips`
@ -36,3 +39,6 @@ fi
# Profile app-server-wildfly needs to be explicitly set for FIPS tests
./mvnw test -Dsurefire.rerunFailingTestsCount=$SUREFIRE_RERUN_FAILING_COUNT -nsu -B -Pauth-server-quarkus,auth-server-fips140-2,app-server-wildfly -Dcom.redhat.fips=false $STRICT_OPTIONS -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
# New Base Tests
./mvnw package -nsu -B -Dcom.redhat.fips=false -Dtest=$TESTSUITE_NAME -pl tests/base

1
.github/scripts/run-fips-ut.sh vendored
View File

@ -1,5 +1,6 @@
#!/bin/bash
rm -f /etc/system-fips
dnf install -y java-21-openjdk-devel crypto-policies-scripts
fips-mode-setup --enable --no-bootcfg
fips-mode-setup --is-enabled

30
.github/scripts/version-compatibility.sh vendored Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash -e
if [[ "$RUNNER_DEBUG" == "1" ]]; then
set -x
fi
TARGET_BRANCH="$1"
REPO="${2:-keycloak}"
ORG="${3:-keycloak}"
if [[ "${TARGET_BRANCH}" != "release/"* ]]; then
echo "skip"
exit 0
fi
ALL_RELEASES=$(gh release list \
--repo "${ORG}/${REPO}" \
--exclude-drafts \
--exclude-pre-releases \
--json name \
--template '{{range .}}{{.name}}{{"\n"}}{{end}}'
)
MAJOR_MINOR=${TARGET_BRANCH#"release/"}
MAJOR_MINOR_RELEASES=$(echo "${ALL_RELEASES}" | (grep "${MAJOR_MINOR}" || true))
if [[ -z "${MAJOR_MINOR_RELEASES}" ]]; then
echo "skip"
else
echo -n "${MAJOR_MINOR_RELEASES}" | jq -cnR '[inputs] | map({version: .})'
fi

13
.github/teams.yml vendored
View File

@ -2,8 +2,10 @@ team/cloud-native:
- area/admin/cli
- area/dist/quarkus
- area/operator
- area/observability
- area/welcome/ui
team/continuous-testing:
team/continuous-delivery:
- area/ci
- area/testsuite
@ -29,6 +31,7 @@ team/core-iam:
- area/ldap
- area/organizations
- area/user-profile
- area/workflows
team/core-shared:
- area/account/api
@ -38,14 +41,12 @@ team/core-shared:
- area/import-export
- area/infinispan
- area/storage
team/sre:
team/ui:
- area/account/ui
- area/admin/client-js
- area/admin/ui
- area/welcome/ui
team/sre:
- area/observability
team/community:
- area/translations

2
.github/workflows/aurora-delete.yml vendored
View File

@ -20,7 +20,7 @@ jobs:
name: Delete Aurora DB
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize AWS client
run: |

662
.github/workflows/ci.yml vendored
View File

File diff suppressed because it is too large Load Diff

53
.github/workflows/codeql-analysis.yml vendored
View File

@ -33,11 +33,12 @@ jobs:
java: ${{ steps.conditional.outputs.codeql-java }}
javascript: ${{ steps.conditional.outputs.codeql-javascript }}
typescript: ${{ steps.conditional.outputs.codeql-typescript }}
actions: ${{ steps.conditional.outputs.codeql-actions }}
permissions:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: conditional
uses: ./.github/actions/conditional
@ -55,10 +56,10 @@ jobs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
languages: java
@ -66,7 +67,7 @@ jobs:
uses: ./.github/actions/build-keycloak
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
wait-for-processing: true
env:
@ -83,17 +84,18 @@ jobs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-javascript.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
wait-for-processing: true
env:
@ -110,17 +112,45 @@ jobs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: typescript
config-file: ./.github/codeql/codeql-config-typescript.yml
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
wait-for-processing: true
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"interpret-results":["--max-paths",0]}}'
actions:
name: CodeQL GitHub Actions
needs: conditional
runs-on: ubuntu-latest
permissions:
security-events: write # Required for SARIF upload
if: needs.conditional.outputs.actions == 'true'
outputs:
conclusion: ${{ steps.check.outputs.conclusion }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
env:
CODEQL_ACTION_EXTRA_OPTIONS: '{"database":{"finalize":["--no-run-unnecessary-builds"]}}'
with:
languages: actions
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
wait-for-processing: true
env:
@ -134,9 +164,10 @@ jobs:
- java
- javascript
- typescript
- actions
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

10
.github/workflows/documentation.yml vendored
View File

@ -35,7 +35,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: conditional
uses: ./.github/actions/conditional
@ -48,7 +48,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: setup-java
name: Setup Java
@ -66,7 +66,7 @@ jobs:
- id: upload-keycloak-documentation
name: Upload Keycloak documentation
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: keycloak-documentation
path: docs/documentation/dist/target/*.zip
@ -78,7 +78,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: setup-java
name: Setup Java
@ -102,7 +102,7 @@ jobs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

6
.github/workflows/guides.yml vendored
View File

@ -36,7 +36,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: conditional
uses: ./.github/actions/conditional
@ -50,7 +50,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@ -63,7 +63,7 @@ jobs:
- build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

111
.github/workflows/js-ci.yml vendored
View File

@ -11,7 +11,6 @@ on:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
RETRY_COUNT: 3
concurrency:
# Only cancel jobs for PR updates
@ -35,7 +34,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: conditional
uses: ./.github/actions/conditional
@ -48,7 +47,7 @@ jobs:
if: needs.conditional.outputs.js-ci == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@ -58,7 +57,7 @@ jobs:
mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz
- name: Upload Keycloak dist
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: keycloak
path: keycloak-999.0.0-SNAPSHOT.tar.gz
@ -71,7 +70,7 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-admin-client"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
@ -89,7 +88,7 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-ui-shared"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
@ -107,7 +106,7 @@ jobs:
env:
WORKSPACE: "@keycloak/keycloak-account-ui"
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
@ -125,7 +124,7 @@ jobs:
env:
WORKSPACE: keycloak-admin-ui
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
@ -147,13 +146,20 @@ jobs:
runs-on: ubuntu-latest
env:
WORKSPACE: "@keycloak/keycloak-account-ui"
strategy:
matrix:
browser: [chromium, firefox]
exclude:
# Only test with Firefox on scheduled runs
- browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
fail-fast: false
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
- name: Download Keycloak server
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak
@ -173,50 +179,34 @@ jobs:
working-directory: js
- name: Run Playwright tests
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test -- --project=${{ matrix.browser }}
working-directory: js
- name: Upload Playwright report
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: always()
with:
name: account-ui-playwright-report
name: account-ui-playwright-report-${{ matrix.browser }}
path: js/apps/account-ui/playwright-report
retention-days: 30
- name: Upload server logs
if: always()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: account-ui-server-log
name: account-ui-server-log-${{ matrix.browser }}
path: ~/server.log
generate-test-seed:
name: Generate Test Seed
needs:
- conditional
if: needs.conditional.outputs.js-ci == 'true'
runs-on: ubuntu-latest
outputs:
seed: ${{ steps.generate-random-number.outputs.value }}
steps:
- name: Generate random number
id: generate-random-number
shell: bash
run: |
echo "value=$(shuf -i 1-100 -n 1)" >> $GITHUB_OUTPUT
admin-ui-e2e:
name: Admin UI E2E
needs:
- conditional
- build-keycloak
- generate-test-seed
if: needs.conditional.outputs.js-ci == 'true'
runs-on: ubuntu-latest
env:
WORKSPACE: keycloak-admin-ui
WORKSPACE: "@keycloak/keycloak-admin-ui"
RETRY_COUNT: 3
strategy:
matrix:
browser: [chromium, firefox]
@ -225,16 +215,12 @@ jobs:
- browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
fail-fast: false
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
- name: Compile Admin Client
run: pnpm --fail-if-no-match --filter @keycloak/keycloak-admin-client build
working-directory: js
- name: Download Keycloak server
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak
@ -244,7 +230,7 @@ jobs:
- name: Start Keycloak server
run: |
tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz:v2,transient-users &> ~/server.log &
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz:v2,transient-users,spiffe,oid4vc-vci,kubernetes-service-accounts,jwt-authorization-grant,workflows &> ~/server.log &
env:
KC_BOOTSTRAP_ADMIN_USERNAME: admin
KC_BOOTSTRAP_ADMIN_PASSWORD: admin
@ -256,11 +242,11 @@ jobs:
working-directory: js
- name: Run Playwright tests
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test:integration --project=${{ matrix.browser }}
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test:integration -- --project=${{ matrix.browser }}
working-directory: js
- name: Upload Playwright report
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: always()
with:
name: admin-ui-playwright-report-${{ matrix.browser }}
@ -269,11 +255,47 @@ jobs:
- name: Upload server logs
if: always()
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: admin-ui-server-log-${{ matrix.browser }}
path: ~/server.log
keycloak-admin-client:
name: Keycloak Admin Client
needs:
- conditional
- build-keycloak
if: needs.conditional.outputs.js-ci == 'true'
runs-on: ubuntu-latest
env:
WORKSPACE: "@keycloak/keycloak-admin-client"
RETRY_COUNT: 3
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download Keycloak server
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak
- name: Setup Java
uses: ./.github/actions/java-setup
- name: Start Keycloak server
run: |
tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --http-port 8180 --features transient-users,oid4vc-vci,declarative-ui,quick-theme,spiffe,kubernetes-service-accounts,workflows,client-auth-federated,jwt-authorization-grant &> ~/server.log &
curl --connect-timeout 5 --max-time 10 --retry 10 --retry-all-errors --retry-delay 10 --retry-max-time 120 -s -o /dev/null http://127.0.0.1:8180
env:
KC_BOOTSTRAP_ADMIN_USERNAME: admin
KC_BOOTSTRAP_ADMIN_PASSWORD: admin
- uses: ./.github/actions/pnpm-setup
- name: Run tests
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} run test
working-directory: js
check:
name: Status Check - Keycloak JavaScript CI
if: always()
@ -286,9 +308,10 @@ jobs:
- account-ui-e2e
- admin-ui
- admin-ui-e2e
- keycloak-admin-client
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

2
.github/workflows/label.yml vendored
View File

@ -13,7 +13,7 @@ jobs:
permissions:
issues: write # Required to add labels to Issues
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
sparse-checkout: .github/scripts
- name: Add release labels on merge

90
.github/workflows/operator-ci.yml vendored
View File

@ -10,8 +10,8 @@ on:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
MINIKUBE_VERSION: v1.32.0
KUBERNETES_VERSION: v1.27.10 # OCP 4.14
MINIKUBE_VERSION: v1.37.0
KUBERNETES_VERSION: v1.32.9 # OCP 4.19
MINIKUBE_MEMORY: 4096 # Without explicitly setting memory, minikube uses ~25% of available memory which might be too little on smaller GitHub runners for running the tests
defaults:
@ -37,7 +37,7 @@ jobs:
contents: read
pull-requests: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: conditional
uses: ./.github/actions/conditional
@ -50,7 +50,7 @@ jobs:
runs-on: ubuntu-latest
needs: conditional
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
@ -63,7 +63,7 @@ jobs:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Java
uses: ./.github/actions/java-setup
@ -80,7 +80,7 @@ jobs:
matrix:
suite: [slow, fast]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set version
id: vars
@ -96,11 +96,11 @@ jobs:
kubernetes version: ${{ env.KUBERNETES_VERSION }}
github token: ${{ secrets.GITHUB_TOKEN }}
driver: docker
start args: --addons=ingress --memory=${{ env.MINIKUBE_MEMORY }} --cni cilium --cpus=max
start args: --addons=ingress --memory=${{ env.MINIKUBE_MEMORY }} --cni calico --cpus=max
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak-dist
path: quarkus/container
@ -131,7 +131,7 @@ jobs:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Java
uses: ./.github/actions/java-setup
@ -151,6 +151,11 @@ jobs:
source: github
opm: 1.21.0
- name: Install OC
uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1.13.1
with:
oc: 4
- name: Install Yq
run: sudo snap install yq
@ -160,7 +165,7 @@ jobs:
- name: Download keycloak distribution
id: download-keycloak-dist
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak-dist
path: quarkus/container
@ -173,25 +178,15 @@ jobs:
REGISTRY=$(minikube ip):5000 ./scripts/olm-testing.sh ${GITHUB_SHA::6}
- name: Deploy an example Keycloak and wait for it to be ready
working-directory: operator
working-directory: operator/scripts
run: |
kubectl apply -f src/test/resources/example-postgres.yaml
./scripts/check-crds-installed.sh
kubectl apply -f src/test/resources/example-db-secret.yaml
kubectl apply -f src/test/resources/example-tls-secret.yaml
kubectl apply -f src/test/resources/example-keycloak.yaml
kubectl apply -f src/test/resources/example-realm.yaml
# Wait for the CRs to be ready
./scripts/check-examples-installed.sh
./check-crd-installed.sh keycloaks
./check-crd-installed.sh keycloakrealmimports
./deploy-examples.sh
- name: Single namespace cleanup
working-directory: operator
run: |
kubectl delete -f src/test/resources/example-postgres.yaml
kubectl delete -f src/test/resources/example-db-secret.yaml
kubectl delete -f src/test/resources/example-tls-secret.yaml
kubectl delete -f src/test/resources/example-keycloak.yaml
kubectl delete -f src/test/resources/example-realm.yaml
working-directory: operator/scripts
run: ./undeploy-examples.sh
- name: Arrange OLM test installation for all namespaces
working-directory: operator
@ -200,16 +195,41 @@ jobs:
kubectl patch operatorgroup og --type json --patch '[{"op":"remove","path":"/spec/targetNamespaces"}]'
- name: Deploy an example Keycloak in a different namespace and wait for it to be ready
working-directory: operator
working-directory: operator/scripts
run: |
kubectl create ns keycloak
kubectl apply -f src/test/resources/example-postgres.yaml -n keycloak
kubectl apply -f src/test/resources/example-db-secret.yaml -n keycloak
kubectl apply -f src/test/resources/example-tls-secret.yaml -n keycloak
kubectl apply -f src/test/resources/example-keycloak.yaml -n keycloak
kubectl apply -f src/test/resources/example-realm.yaml -n keycloak
# Wait for the CRs to be ready
./scripts/check-examples-installed.sh keycloak
./deploy-examples.sh keycloak
./undeploy-examples.sh keycloak
- name: Install ServiceMonitor CRD
working-directory: operator
run: |
kubectl apply -f src/test/resources/service-monitor-crds.yml
./scripts/check-crd-installed.sh servicemonitors
kubectl delete pod -l name=keycloak-operator
- name: Deploy an example Keycloak with ServiceMonitor
working-directory: operator/scripts
run: |
./deploy-examples.sh keycloak
kubectl -n keycloak wait servicemonitor/example-kc --for=jsonpath='{.metadata.name}' --timeout=60s
- name: Debug Custom Resources
if: failure()
run: |
kubectl get keycloaks -A -o yaml
kubectl get keycloakrealmimports -A -o yaml
- name: Gather inspect report
if: failure()
run: oc adm inspect ns
- name: Upload inspect report
if: failure()
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: oc-inspect
path: inspect.*
check:
name: Status Check - Keycloak Operator CI
@ -222,7 +242,7 @@ jobs:
- test-olm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/status-check
with:
jobs: ${{ toJSON(needs) }}

2
.github/workflows/quarkus-next.yml vendored
View File

@ -25,7 +25,7 @@ jobs:
permissions:
contents: write # Required to push changes to the repository
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
fetch-depth: 0

4
.github/workflows/schedule-nightly.yml vendored
View File

@ -2,7 +2,7 @@ name: Scheduled nightly workflows
on:
schedule:
- cron: '0 0 * * *'
- cron: '0 4 * * *'
workflow_dispatch:
permissions:
@ -19,7 +19,7 @@ jobs:
steps:
- id: latest-release
run: |
branch="release/$(gh api repos/keycloak/keycloak/branches | jq -r '.[].name' | sort -r | awk -F'/' '/[0-9.]+$/ {print $NF; exit}')"
branch="$(gh api --paginate repos/keycloak/keycloak/branches -q '.[].name' | grep '^release/' | sort -r -V | head -n 1)"
echo "branch=$branch"
echo "branch=$branch" >> "$GITHUB_OUTPUT"
env:

8
.github/workflows/snyk-analysis.yml vendored
View File

@ -21,12 +21,12 @@ jobs:
permissions:
security-events: write # Required for SARIF uploads
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
- uses: snyk/actions/setup@cdb760004ba9ea4d525f2e043745dfe85bb9077e # master
- uses: snyk/actions/setup@9adf32b1121593767fc3c057af55b55db032dc04 # master
- name: Check for vulnerabilities in Quarkus
run: snyk test --policy-path=${GITHUB_WORKSPACE}/.github/snyk/.snyk --all-projects --prune-repeated-subdependencies --exclude=tests --sarif-file-output=quarkus-report.sarif quarkus/deployment
@ -35,7 +35,7 @@ jobs:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload Quarkus scanner results to GitHub
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
continue-on-error: true
with:
sarif_file: quarkus-report.sarif
@ -50,7 +50,7 @@ jobs:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- name: Upload Operator scanner results to GitHub
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
sarif_file: operator-report.sarif
category: snyk-operator-report

62
.github/workflows/stability-base-reruns.yml vendored Normal file
View File

@ -0,0 +1,62 @@
name: Stability - Base Reruns
on:
workflow_dispatch:
inputs:
tests:
type: string
description: Tests to run
required: true
count:
type: number
description: Number of re-runs
default: 50
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
base-integration-tests:
name: Base IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 360
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run base tests
run: |
TESTS="${{ inputs.tests }}"
COUNT=${{ inputs.count }}
echo "Tests: $TESTS, count: $COUNT"
FAILURES=0
for i in $(seq 1 $COUNT); do
echo "========================================================================="
echo Run: $i
echo "========================================================================="
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh || FAILURES=$(($FAILURES + 1))
FAILURES=$(($FAILURES + $?))
done
echo "Failures: $FAILURES"
exit $FAILURES

61
.github/workflows/stability-base.yml vendored Normal file
View File

@ -0,0 +1,61 @@
name: Stability - Base
on:
workflow_dispatch:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
base-integration-tests:
name: Base IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 100
strategy:
matrix:
group: [ 1, 2, 3, 4, 5, 6 ]
fail-fast: false
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run base tests
run: |
TESTS=`testsuite/integration-arquillian/tests/base/testsuites/base-suite.sh ${{ matrix.group }}`
echo "Tests: $TESTS"
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-quarkus -Dtest=$TESTS -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
delete-artifacts:
name: Delete artifacts
needs: base-integration-tests
runs-on: ubuntu-latest
if: always()
env:
GH_TOKEN: ${{ github.token }}
permissions:
actions: write
steps:
- name: Delete artifacts
run:
gh api /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts | jq .artifacts[].id | xargs -I {} gh api -X DELETE /repos/${{ github.repository }}/actions/artifacts/{}

57
.github/workflows/stability-clustering.yml vendored Normal file
View File

@ -0,0 +1,57 @@
name: Stability - Clustering
on:
workflow_dispatch:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
clustering-integration-tests:
name: Clustering IT
needs: build
runs-on: ubuntu-latest
timeout-minutes: 35
env:
MAVEN_OPTS: -Xmx1024m
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: integration-test-setup
name: Integration test setup
uses: ./.github/actions/integration-test-setup
- name: Run cluster tests
run: |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus,db-postgres "-Dwebdriver.chrome.driver=$CHROMEWEBDRIVER/chromedriver" -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
delete-artifacts:
name: Delete artifacts
needs: clustering-integration-tests
runs-on: ubuntu-latest
if: always()
env:
GH_TOKEN: ${{ github.token }}
permissions:
actions: write
steps:
- name: Delete artifacts
run:
gh api /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts | jq .artifacts[].id | xargs -I {} gh api -X DELETE /repos/${{ github.repository }}/actions/artifacts/{}

172
.github/workflows/stability-js-ci.yml vendored Normal file
View File

@ -0,0 +1,172 @@
name: Stability - Keycloak JavaScript CI
on:
workflow_dispatch:
env:
MAVEN_ARGS: "-B -nsu -Daether.connector.http.connectionMaxTtl=25"
defaults:
run:
shell: bash
permissions:
contents: read
jobs:
build-keycloak:
name: Build Keycloak
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Keycloak
uses: ./.github/actions/build-keycloak
- name: Prepare archive for upload
run: |
mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz
- name: Upload Keycloak dist
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: keycloak
path: keycloak-999.0.0-SNAPSHOT.tar.gz
account-ui-e2e:
name: Account UI E2E
needs:
- build-keycloak
runs-on: ubuntu-latest
env:
WORKSPACE: "@keycloak/keycloak-account-ui"
strategy:
matrix:
browser: [chromium, firefox]
exclude:
# Only test with Firefox on scheduled runs
- browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
fail-fast: false
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
- name: Download Keycloak server
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak
- name: Setup Java
uses: ./.github/actions/java-setup
- name: Start Keycloak server
run: |
tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=transient-users,oid4vc-vci &> ~/server.log &
env:
KC_BOOTSTRAP_ADMIN_USERNAME: admin
KC_BOOTSTRAP_ADMIN_PASSWORD: admin
- name: Install Playwright browsers
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} exec playwright install --with-deps
working-directory: js
- name: Run Playwright tests
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test -- --project=${{ matrix.browser }}
working-directory: js
- name: Upload Playwright report
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: failure()
with:
name: account-ui-playwright-report-${{ matrix.browser }}
path: js/apps/account-ui/playwright-report
retention-days: 7
- name: Upload server logs
if: failure()
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: account-ui-server-log-${{ matrix.browser }}
path: ~/server.log
retention-days: 7
admin-ui-e2e:
name: Admin UI E2E
needs:
- build-keycloak
runs-on: ubuntu-latest
env:
WORKSPACE: "@keycloak/keycloak-admin-ui"
strategy:
matrix:
browser: [chromium, firefox]
exclude:
# Only test with Firefox on scheduled runs
- browser: ${{ github.event_name != 'workflow_dispatch' && 'firefox' || '' }}
fail-fast: false
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/pnpm-setup
- name: Download Keycloak server
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: keycloak
- name: Setup Java
uses: ./.github/actions/java-setup
- name: Start Keycloak server
run: |
tar xfvz keycloak-999.0.0-SNAPSHOT.tar.gz
keycloak-999.0.0-SNAPSHOT/bin/kc.sh start-dev --features=admin-fine-grained-authz:v2,transient-users,spiffe,oid4vc-vci &> ~/server.log &
env:
KC_BOOTSTRAP_ADMIN_USERNAME: admin
KC_BOOTSTRAP_ADMIN_PASSWORD: admin
KC_BOOTSTRAP_ADMIN_CLIENT_ID: temporary-admin-service
KC_BOOTSTRAP_ADMIN_CLIENT_SECRET: temporary-admin-service
- name: Install Playwright browsers
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} exec playwright install --with-deps
working-directory: js
- name: Run Playwright tests
run: pnpm --fail-if-no-match --filter ${{ env.WORKSPACE }} test:integration -- --project=${{ matrix.browser }}
working-directory: js
- name: Upload Playwright report
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: failure()
with:
name: admin-ui-playwright-report-${{ matrix.browser }}
path: js/apps/admin-ui/playwright-report
retention-days: 7
- name: Upload server logs
if: failure()
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: admin-ui-server-log-${{ matrix.browser }}
path: ~/server.log
retention-days: 7
delete-artifacts:
name: Delete artifacts
needs:
- account-ui-e2e
- admin-ui-e2e
runs-on: ubuntu-latest
if: always()
env:
GH_TOKEN: ${{ github.token }}
permissions:
actions: write
steps:
- name: Delete artifacts (excluding Playwright reports and server logs)
run: |
gh api /repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts \
| jq '.artifacts[] | select(.name | test("playwright-report|server-log") | not) | .id' \
| xargs -I {} gh api -X DELETE /repos/${{ github.repository }}/actions/artifacts/{}

6
.github/workflows/trivy-analysis.yml vendored
View File

@ -24,10 +24,10 @@ jobs:
security-events: write # Required for SARIF uploads
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # 0.31.0
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
with:
image-ref: quay.io/keycloak/${{ matrix.container }}:nightly
format: sarif
@ -41,7 +41,7 @@ jobs:
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
sarif_file: trivy-results.sarif
category: ${{ matrix.container }}

1
.github/workflows/weblate.yml vendored
View File

@ -35,4 +35,5 @@ jobs:
- run: |
if [ '${{ secrets.WEBLATE_TOKEN }}' != '' ]; then
curl --fail-with-body -d operation=pull -H "Authorization: Token ${{ secrets.WEBLATE_TOKEN }}" https://hosted.weblate.org/api/projects/keycloak/repository/
curl --fail-with-body -d operation=push -H "Authorization: Token ${{ secrets.WEBLATE_TOKEN }}" https://hosted.weblate.org/api/projects/keycloak/repository/
fi

5
.gitignore vendored
View File

@ -5,6 +5,7 @@
# Intellij
###################
.idea
.run
*.iml
!.idea/icon.png
@ -97,3 +98,7 @@ quarkus/data/*.db
.env
.env.test
# Keycloak state dir as suggested in the docs
# -Dkc.home.dir=.kc
.kc

1
ADOPTERS.md
View File

@ -63,4 +63,5 @@ List of organization names below is based on information collected using Keycloa
* TRT9 - Brasil
* UnitedHealthcare
* Wayfair LLC
* [Xata](https://xata.io)
* ...More individuals

27
CONTRIBUTING.md
View File

@ -110,6 +110,33 @@ git commit --signoff --message "This is the commit message"
This option adds a `Signed-off-by` trailer at the end of the commit log message.
### Spotless
Spotless is used to check and apply code formatting. To check your code locally before sending a PR run:
```
./mvnw spotless:check
```
You can either use your IDE to fix these issues; or Spotless can fix them for you by running:
```
./mvnw spotless:apply
```
A good practice is to create a commit with your changes prior to running `spotless:apply` then you can see and
review what changes Spotless has applied, for example by using a diff tool. Finally, if you are happy with the changes
Spotless has applied you can amend the changes to your commit by running:
```
git add -a
git commit --amend
```
Note: If you get the error `Could not find goal 'verify' in plugin com.diffplug.spotless:spotless-maven-plugin` you are
probably running `mvn spotless:check` instead of `./mvnw spotless:check`. This is most likely a bug in Maven or the
Spotless plugin.
### Commit messages and issue linking
The format for a commit message should look like:

5
MAINTAINERS.md
View File

@ -1,12 +1,11 @@
# Active maintainers
* [Alexander Schwartz](https://github.com/ahus1)
* [Bruno Oliveira da Silva](https://github.com/abstractj)
* [Marek Posolda](https://github.com/mposolda)
* [Michal Hajas](https://github.com/mhajas)
* [Pedro Igor](https://github.com/pedroigor)
* [Sebastian Schuster](https://github.com/sschu)
* [Stan Silvert](https://github.com/ssilvert)
* [Steven Hawkins](https://github.com/shawkins)
* [Stian Thorgersen](https://github.com/stianst) (project lead)
* [Takashi Norimatsu](https://github.com/tnorimat)
* [Thomas Darimont](https://github.com/thomasdarimont)
@ -14,6 +13,8 @@
# Emeritus maintainers
* [Bruno Oliveira da Silva](https://github.com/abstractj)
* [Hynek Mlnařík](https://github.com/hmlnarik)
* [Michal Hajas](https://github.com/mhajas)
* [Pavel Drozd](https://github.com/pdrozd)

2
adapters/pom.xml
View File

@ -24,7 +24,7 @@
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak Adapters</name>
<description/>
<description>Keycloak Adapters Parent</description>
<modelVersion>4.0.0</modelVersion>
<artifactId>keycloak-adapters-pom</artifactId>

2
adapters/saml/core-public/pom.xml
View File

@ -28,7 +28,7 @@
<artifactId>keycloak-saml-adapter-api-public</artifactId>
<name>Keycloak SAML Client Adapter Public API</name>
<description/>
<description>Keycloak SAML Client Adapter Public API</description>
<properties>

3
adapters/saml/core-public/src/main/java/org/keycloak/adapters/saml/SamlAuthenticationError.java
View File

@ -17,11 +17,12 @@
package org.keycloak.adapters.saml;
import java.util.Objects;
import org.keycloak.adapters.spi.AuthenticationError;
import org.keycloak.dom.saml.v2.protocol.StatusCodeType;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import java.util.Objects;
/**
* Object that describes the SAML error that happened.

9
adapters/saml/core-public/src/main/java/org/keycloak/adapters/saml/SamlPrincipal.java
View File

@ -17,10 +17,6 @@
package org.keycloak.adapters.saml;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import java.io.Serializable;
import java.net.URI;
import java.security.Principal;
@ -28,6 +24,11 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.w3c.dom.Document;
/**

2
adapters/saml/core/pom.xml
View File

@ -28,7 +28,7 @@
<artifactId>keycloak-saml-adapter-core</artifactId>
<name>Keycloak SAML Client Adapter Core</name>
<description/>
<description>Keycloak SAML Client Adapter Core</description>
<properties>
<timestamp>${maven.build.timestamp}</timestamp>

13
adapters/saml/core/src/main/java/org/keycloak/adapters/cloned/HttpAdapterUtils.java
View File

@ -17,19 +17,20 @@
package org.keycloak.adapters.cloned;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import java.io.IOException;
import java.io.InputStream;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import org.keycloak.adapters.saml.descriptor.parsers.SamlDescriptorIDPKeysExtractor;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;
import org.keycloak.adapters.saml.descriptor.parsers.SamlDescriptorIDPKeysExtractor;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.saml.common.exceptions.ParsingException;
/**
* @author <a href="mailto:hmlnarik@redhat.com">Hynek Mlnařík</a>

45
adapters/saml/core/src/main/java/org/keycloak/adapters/cloned/HttpClientBuilder.java
View File

@ -17,9 +17,32 @@
package org.keycloak.adapters.cloned;
import java.io.IOException;
import java.net.URI;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.keycloak.common.util.EnvUtil;
import org.keycloak.common.util.KeystoreUtil;
import org.apache.http.HttpHost;
import org.apache.http.client.CookieStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.params.ClientPNames;
import org.apache.http.client.params.CookiePolicy;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.conn.scheme.PlainSocketFactory;
@ -36,28 +59,6 @@ import org.apache.http.impl.conn.SingleClientConnManager;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.keycloak.common.util.EnvUtil;
import org.keycloak.common.util.KeystoreUtil;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.net.URI;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.http.client.params.ClientPNames;
import org.apache.http.client.params.CookiePolicy;
/**
* Abstraction for creating HttpClients. Allows SSL configuration.

21
adapters/saml/core/src/main/java/org/keycloak/adapters/cloned/SniSSLSocketFactory.java
View File

@ -17,16 +17,6 @@
package org.keycloak.adapters.cloned;
import org.apache.http.HttpHost;
import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.protocol.HttpContext;
import org.keycloak.common.util.Environment;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
@ -44,6 +34,17 @@ import java.security.UnrecoverableKeyException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.keycloak.common.util.Environment;
import org.apache.http.HttpHost;
import org.apache.http.conn.scheme.HostNameResolver;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.protocol.HttpContext;
/**
* SSLSocketFactory that uses Server Name Indication (SNI) TLS extension.

7
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
View File

@ -17,8 +17,10 @@
package org.keycloak.adapters.saml;
import java.io.IOException;
import java.security.KeyPair;
import org.keycloak.adapters.saml.SamlDeployment.IDP.SingleSignOnService;
import org.jboss.logging.Logger;
import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.saml.BaseSAML2BindingBuilder;
@ -28,8 +30,7 @@ import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import java.io.IOException;
import java.security.KeyPair;
import org.jboss.logging.Logger;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>

11
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/DefaultSamlDeployment.java
View File

@ -17,21 +17,22 @@
package org.keycloak.adapters.saml;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.saml.SignatureAlgorithm;
import java.net.URI;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.apache.http.client.HttpClient;
import org.keycloak.adapters.saml.rotation.SamlDescriptorPublicKeyLocator;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.rotation.CompositeKeyLocator;
import org.keycloak.rotation.HardcodedKeyLocator;
import org.keycloak.rotation.KeyLocator;
import java.net.URI;
import org.keycloak.saml.SignatureAlgorithm;
import org.apache.http.client.HttpClient;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>

4
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/PropertiesBasedRoleMapper.java
View File

@ -20,14 +20,14 @@ package org.keycloak.adapters.saml;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
import org.jboss.logging.Logger;
/**
* A {@link RoleMappingsProvider} implementation that uses a {@code properties} file to determine the mappings that should be applied
* to the SAML principal and roles. It is always identified by the id {@code properties-based-role-mapper} in {@code keycloak-saml.xml}.

3
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/RoleMappingsProviderUtils.java
View File

@ -22,10 +22,11 @@ import java.util.Map;
import java.util.Properties;
import java.util.ServiceLoader;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.config.SP;
import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
import org.jboss.logging.Logger;
/**
* Utility class that allows for the instantiation and configuration of role mappings providers.
*

3
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlAuthenticator.java
View File

@ -17,7 +17,6 @@
package org.keycloak.adapters.saml;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
import org.keycloak.adapters.saml.profile.ecp.EcpAuthenticationHandler;
import org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler;
@ -25,6 +24,8 @@ import org.keycloak.adapters.spi.AuthChallenge;
import org.keycloak.adapters.spi.AuthOutcome;
import org.keycloak.adapters.spi.HttpFacade;
import org.jboss.logging.Logger;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

11
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlDeployment.java
View File

@ -17,15 +17,16 @@
package org.keycloak.adapters.saml;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.saml.SignatureAlgorithm;
import java.net.URI;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.Set;
import org.apache.http.client.HttpClient;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.rotation.KeyLocator;
import java.net.URI;
import org.keycloak.saml.SignatureAlgorithm;
import org.apache.http.client.HttpClient;
/**
* Represents SAML deployment configuration.

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlSession.java
View File

@ -17,11 +17,11 @@
package org.keycloak.adapters.saml;
import org.keycloak.adapters.spi.KeycloakAccount;
import javax.xml.datatype.XMLGregorianCalendar;
import java.io.Serializable;
import java.util.Set;
import javax.xml.datatype.XMLGregorianCalendar;
import org.keycloak.adapters.spi.KeycloakAccount;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>

4
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlSessionStore.java
View File

@ -17,10 +17,10 @@
package org.keycloak.adapters.saml;
import org.keycloak.adapters.spi.AdapterSessionStore;
import java.util.List;
import org.keycloak.adapters.spi.AdapterSessionStore;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

11
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/SamlUtil.java
View File

@ -17,18 +17,19 @@
package org.keycloak.adapters.saml;
import org.jboss.logging.Logger;
import java.io.IOException;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.XMLGregorianCalendar;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.w3c.dom.Document;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.XMLGregorianCalendar;
import java.io.IOException;
import org.jboss.logging.Logger;
import org.w3c.dom.Document;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>

14
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/PemUtils.java
View File

@ -20,7 +20,6 @@
package org.keycloak.adapters.saml.config;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
@ -34,12 +33,13 @@ import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.keycloak.common.crypto.CryptoConstants;
import org.keycloak.common.util.PemException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jboss.logging.Logger;
import org.keycloak.common.crypto.CryptoConstants;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.PemException;
/**
* Fork of the PemUtils from common module to avoid dependency on keycloak-crypto-default
@ -125,9 +125,9 @@ public class PemUtils {
private static byte[] pemToDer(String pem) {
try {
pem = removeBeginEnd(pem);
return Base64.decode(pem);
} catch (IOException ioe) {
throw new PemException(ioe);
return Base64.getMimeDecoder().decode(pem);
} catch (IllegalArgumentException e) {
throw new PemException(e);
}
}

8
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/AbstractKeycloakSamlAdapterV1Parser.java
View File

@ -17,16 +17,16 @@
package org.keycloak.adapters.saml.config.parsers;
import org.keycloak.saml.common.parsers.AbstractStaxParser;
import org.keycloak.saml.common.util.StaxParserUtil;
import org.keycloak.saml.processing.core.parsers.util.QNameEnumLookup;
import java.util.Collections;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.stream.events.StartElement;
import org.keycloak.saml.common.parsers.AbstractStaxParser;
import org.keycloak.saml.common.util.StaxParserUtil;
import org.keycloak.saml.processing.core.parsers.util.QNameEnumLookup;
/**
*
*/

37
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/DeploymentBuilder.java
View File

@ -17,7 +17,24 @@
package org.keycloak.adapters.saml.config.parsers;
import org.jboss.logging.Logger;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.keycloak.adapters.cloned.HttpClientBuilder;
import org.keycloak.adapters.saml.DefaultSamlDeployment;
import org.keycloak.adapters.saml.RoleMappingsProviderUtils;
import org.keycloak.adapters.saml.SamlDeployment;
@ -30,23 +47,7 @@ import org.keycloak.common.enums.SslRequired;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.exceptions.ParsingException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Set;
import org.keycloak.adapters.cloned.HttpClientBuilder;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import org.jboss.logging.Logger;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/HttpClientParser.java
View File

@ -17,13 +17,13 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.IDP.HttpClientConfig;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

8
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/IdpParser.java
View File

@ -17,14 +17,14 @@
package org.keycloak.adapters.saml.config.parsers;
import java.util.concurrent.TimeUnit;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.IDP;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import java.util.concurrent.TimeUnit;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/KeyParser.java
View File

@ -17,15 +17,15 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.Key;
import org.keycloak.common.util.StringPropertyReplacer;
import org.keycloak.common.util.SystemEnvProperties;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/KeyStoreParser.java
View File

@ -17,14 +17,14 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.Key;
import org.keycloak.adapters.saml.config.Key.KeyStoreConfig;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

11
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/KeycloakSamlAdapterParser.java
View File

@ -16,11 +16,6 @@
*/
package org.keycloak.adapters.saml.config.parsers;
import org.keycloak.saml.common.ErrorCodes;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.parsers.AbstractParser;
import org.keycloak.saml.common.parsers.StaxParser;
import org.keycloak.saml.common.util.StaxParserUtil;
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;
@ -28,6 +23,12 @@ import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import javax.xml.stream.events.XMLEvent;
import org.keycloak.saml.common.ErrorCodes;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.parsers.AbstractParser;
import org.keycloak.saml.common.parsers.StaxParser;
import org.keycloak.saml.common.util.StaxParserUtil;
/**
*
* @author hmlnarik

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/KeycloakSamlAdapterV1Parser.java
View File

@ -17,13 +17,13 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.KeycloakSamlAdapter;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

3
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/KeycloakSamlAdapterV1QNames.java
View File

@ -16,9 +16,10 @@
*/
package org.keycloak.adapters.saml.config.parsers;
import org.keycloak.saml.processing.core.parsers.util.HasQName;
import javax.xml.namespace.QName;
import org.keycloak.saml.processing.core.parsers.util.HasQName;
/**
*
* @author hmlnarik

8
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/KeysParser.java
View File

@ -17,16 +17,14 @@
package org.keycloak.adapters.saml.config.parsers;
import org.keycloak.adapters.saml.config.Key;
import org.keycloak.adapters.saml.config.SP;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import java.util.LinkedList;
import java.util.List;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.Key;
import org.keycloak.saml.common.exceptions.ParsingException;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/PrincipalNameMappingParser.java
View File

@ -17,13 +17,13 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.SP;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/RoleMappingParser.java
View File

@ -17,14 +17,14 @@
package org.keycloak.adapters.saml.config.parsers;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import java.util.HashSet;
import java.util.Set;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

1
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/RoleMappingsProviderParser.java
View File

@ -18,7 +18,6 @@
package org.keycloak.adapters.saml.config.parsers;
import java.util.Properties;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/SingleLogoutServiceParser.java
View File

@ -17,13 +17,13 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.IDP;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/SingleSignOnServiceParser.java
View File

@ -17,13 +17,13 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.IDP;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

6
adapters/saml/core/src/main/java/org/keycloak/adapters/saml/config/parsers/SpParser.java
View File

@ -17,13 +17,13 @@
package org.keycloak.adapters.saml.config.parsers;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
import org.keycloak.adapters.saml.config.SP;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.util.StaxParserUtil;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.StartElement;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $

Some files were not shown because too many files have changed in this diff Show More