mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-30 19:39:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
30,054 Commits 23 Branches 291 Tags
main
Commit Graph

30054 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pedro Igor
13cf35ded3 Only realm admins can manage workflows 
Closes #45875

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-30 21:18:06 +01:00
Pedro Igor
2dab08d5ed Make sure disabled organizations are not available from selection 
Closes #45874

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-30 21:17:35 +01:00
NAMAN JAIN
c652adff78 Add format-specific credential metadata contribution for OID4VC 
Introduce a CredentialBuilder hook that allows credential formats to
contribute format-specific metadata to the OID4VC issuer well-known
configuration. The issuer delegates metadata shaping to the
corresponding CredentialBuilder implementation.

Refactor metadata contribution to work directly with
SupportedCredentialConfiguration and CredentialScopeModel, improving
type-safety and avoiding unnecessary serialization.

Add integration tests to verify that SD-JWT credentials expose `vct`
without `credential_definition`, and JWT_VC credentials expose
`credential_definition` without `vct`.

Closes #45485

Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>
 2026-01-30 19:39:07 +01:00
Thomas Diesler
c08ed20f78 [OID4VCI] Add support for user did as subject id (#45008) 
closes #45006


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-01-30 17:29:47 +01:00
Martin Kanis
0433b0017d Organization Groups Import/Export 
Closes #45507

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2026-01-30 12:11:03 -03:00
Martin Bartoš
1f8744e57e Upgrade minikube for CI tests (#45893) 
Closes #45892

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-30 11:30:21 +00:00
dependabot[bot]
4e3016a45f Bump lodash-es from 4.17.22 to 4.17.23 in /js (#45664) 
Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.22 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/commits/4.17.23)

---
updated-dependencies:
- dependency-name: lodash-es
  dependency-version: 4.17.23
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
nightly 		2026-01-29 15:33:00 -05:00
mposolda
7b36fa174b Duplicate processing of authorization_details from AuthorizationDetailsProcessorManager 
closes #45859

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-29 17:24:03 +01:00
Pedro Ruivo
02066f4985 Bugfix Refactor SessionsResource 
Closes #45727

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-29 14:51:50 +01:00
Stan Silvert
df27734f72 Playwright tests for user workflows tab. (#45771) 
Closes #45619

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-29 08:17:00 -05:00
Peter Zaoral
615b54e7e6 mixed-cluster-compatibility-tests fail due to incorrectly masked content (#45821) 
Closes: #45745

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2026-01-29 13:49:46 +01:00
Pedro Igor
0023c0a881 Removing netbeans project directory (#45858) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-29 13:36:04 +01:00
Pedro Ruivo
bae3963d25 Refactor SessionsResource for better memory usage and performance 
Closes #45727

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-29 11:38:54 +01:00
Tero Saarni
47b91b995d Add revert button to client credentials form 
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2026-01-28 18:36:36 +01:00
Tero Saarni
cb4c533464 Add support for looking up client secrets via Vault SPI (#39650) 
Fixes #13102


Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2026-01-28 16:45:30 +01:00
Martin Bartoš
9563eb276c Remove unstable ImportDistTest.testImportLargeUserCount test on CPU-constrainted agents (#45834) 
Closes #45831

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-28 16:38:49 +01:00
Giuseppe Graziano
0bc95be9cc Remove ignored-links after 26.5.0 
Closes #44810

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-28 15:08:08 +00:00
Awambeng
d14e1d56a0 [OID4VCI] Fix OID4VCI credential requests to restrict Default client scopes (#45011) 
Closes #44737


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2026-01-28 15:50:02 +01:00
Eren Kan
5ad68321f6 Fix SearchDropdown clear button and URI search in Authorization tabs (#45407) 
- Add defaultValues to useForm for proper form reset
- Call reset(defaultValues) in Clear button handler
- Fix form field name from 'uris' to 'uri' to match API parameter
- Add missing 'reset' dependency to useEffect

Closes #45406

Signed-off-by: erenkan <eren@keymate.io>
 2026-01-28 09:01:04 -05:00
Stefan Guilhen
b0f93232e9 Prevent NPE when evaluating policies and policy is deleted 
Closes #45561

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2026-01-28 10:51:16 -03:00
Pedro Igor
26a33409c5 Covering hiding username/email when brute force is enabled during identity-first login 
Closes #45685

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-28 08:29:46 -03:00
Ruchika Jha
aecd677e12 Add documentation for running UI test cases locally using playwright 
Closes #45343

Signed-off-by: Ruchika <ruchika.jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-28 12:29:13 +01:00
Pedro Igor
b9243a7270 Only enable JS policies if the scripts feature is enabled 
Closes #44132

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-28 12:28:32 +01:00
Martin Kanis
d73b1f926f Update email AIA: Back to Application URL invokes OIDC callback with missing parameters 
Closes #44488

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2026-01-28 08:24:57 -03:00
Alexander Schwartz
0ddb355d3d Optimize deletion of composite roles 
Closes #45065

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-28 08:05:16 -03:00
forkimenjeckayang
f2f185b367 [OID4VCI] Add OID4VCI request/response support to OAuthClient utility (#45784) 
closes: #44671


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-28 11:54:42 +01:00
NAMAN JAIN
5e3c0b6b28 Fix realm context handling for StoreSyncEvent processing 
Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>

Fix realm context handling for StoreSyncEvent processing

Ensure the correct realm is resolved and set when handling StoreSyncEvent
inside transactional jobs. Restore the original session realm context to
avoid leakage and make StoreSyncEvent constructors public so events can be
safely published after transaction commit from RealmManager.

Closes #44574
 2026-01-28 11:40:45 +01:00
Giuseppe Graziano
adbbb81299 Remove admin console public config endpoint 
Closes #45728

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-28 10:43:20 +01:00
Erik Jan de Wit
ffc19d997e added ability to refresh token when within time (#45789) 
fixes: #44379

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2026-01-28 08:17:36 +01:00
Stefan Guilhen
bc0e2ff10b Move init/postInit/close to WorkflowConditionProviderFactory, cleanup implementations 
Closes #45767

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2026-01-27 15:06:01 -03:00
Stefan Guilhen
c13a1772f8 Adds ability to migrate scheduled workflow resources from one step to another step in the same or different workflow 
Closes #45174

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2026-01-27 13:46:18 -03:00
Steven Hawkins
38b5466093 fix: aligns our dev http-host default behavior with that of quarkus (#45691) 
closes: #42876

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2026-01-27 16:51:47 +01:00
Václav Muzikář
ed513486d1 Add operationId to OpenAPI spec for Client v2 (#45752) 
Closes #45573

Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
 2026-01-27 15:26:37 +01:00
Pedro Ruivo
5cb13268ee Remove fatal log messages from ConsistentHash 
Fixes #45780

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-27 12:52:22 +00:00
Giuseppe Graziano
6744f46841 Max expiration for Google IDToken 
Closes #45725

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-27 13:18:51 +01:00
Fabian Bieler
6550d1b808 Login[v2]: Improve a11y for authenticator selector 
Clickable elements should be focusable and have interactive semantics.
See: https://developer.mozilla.org/en-US/docs/Web/Accessibility/Guides/Understanding_WCAG/Keyboard?utm_source=devtools&utm_medium=a11y-panel-checks-keyboard#Interactive_elements_must_be_focusable

Closes #45227

Signed-off-by: Fabian Bieler <fabian.bieler@scoop-software.de>
 2026-01-27 13:08:44 +01:00
Martin Bartoš
eac504cce5 OTEL: Ability to specify headers for exporters 
Closes #45220

Co-authored-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-27 10:36:18 +00:00
Peter Zaoral
d2be206a9f Run new test framework db tests on Azure (#45735) 
* Run new test framework db tests on Azure

Closes: #45658

Signed-off-by: Peter Zaoral <pepo48@gmail.com>

* Run new test framework db tests on Azure

Closes: #45658

Signed-off-by: Peter Zaoral <pepo48@gmail.com>

---------

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2026-01-27 08:11:37 +00:00
Weblate (bot)
521c826003 Translations update from Hosted Weblate (#45532) 
* Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Translated using Weblate (Turkish)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/tr/

Updated translation for Turkish

Language: tr

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Updated translation for Turkish

Language: tr

Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for German

Language: de

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for German

Language: de

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Martin Schmidt <martin.schmidt@qualityminds.de>
Signed-off-by: Ettore Atalan <atalanttore@googlemail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Martin Schmidt <martin.schmidt@qualityminds.de>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Translated using Weblate (French)

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/fr/

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Updated translation for French

Language: fr

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Translated using Weblate (Chinese (Traditional Han script))

Translation: Keycloak/Admin backend
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/zh_Hant/

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>

* Update translation files

Updated by "Cleanup translation files" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

---------

Signed-off-by: Alpertunga <a_ertin@msn.com>
Signed-off-by: Arif EROL <arif.erol16@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Ettore Atalan <atalanttore@googlemail.com>
Signed-off-by: Martin Schmidt <martin.schmidt@qualityminds.de>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: Alpertunga <a_ertin@msn.com>
Co-authored-by: Arif EROL <arif.erol16@gmail.com>
Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Co-authored-by: Martin Schmidt <martin.schmidt@qualityminds.de>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
 2026-01-26 21:45:24 +01:00
Stian Thorgersen
c51e1af941 Test framework doesn't stop running Keycloak instance if reuse is turned off 
Closes #45750

Signed-off-by: Stian Thorgersen <st@li-fbf8e8cc-23c4-11b2-a85c-be35f7de969a.ibm.com>
Co-authored-by: Stian Thorgersen <st@li-fbf8e8cc-23c4-11b2-a85c-be35f7de969a.ibm.com>
 2026-01-26 18:50:17 +01:00
Steven Hawkins
77704a91b6 fix: adding support for xforwarded prefix (#45699) 
closes: #35298

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-26 18:14:54 +01:00
mposolda
e414050524 Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors 
closes #45706

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-26 17:21:45 +01:00
Tomáš Kyjovský
b247ef12cd Fix indentation in sample Keycloak CR YAML in Operator rolling updates doc 
Closes #45755 

Signed-off-by: Tomas Kyjovsky <tkyjovsk@ibm.com>
 2026-01-26 16:52:27 +01:00
mposolda
76c4263db9 Polishing based on PR review. Fix flaky tests 
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-26 08:45:41 +01:00
mposolda
416a6017c2 Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes 
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-26 08:45:41 +01:00
forkimenjeckayang
17a2678438 Resolve bug: Authorization_details added to token-response even when should not be 
closes #44961

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-26 08:45:41 +01:00
Martin Bartoš
d03bba598c Improve client creation with PKCE in admin console (#44365) 
Closes #44364

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-23 17:30:58 +01:00
Pedro Ruivo
2f4f36eabc Add realm id column to offline_client_session table 
Closes #44424

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-23 16:28:34 +01:00
Pedro Ruivo
fcdc03a2f6 Fix mixed-cluster-compatibility-tests version matrix 
Fixes #45708

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-23 15:07:48 +00:00
Alexander Schwartz
ea29c25f20 Additional restrictions when to issue a redirect to the caller on rolling updates 
Closes #45574

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2026-01-23 07:33:41 -03:00