mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 12:05:49 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,778 Commits 20 Branches 287 Tags
main
Commit Graph

80 Commits

Author SHA1 Message Date
mposolda
bf23259c0f Removing SdJwtFacade 
closes #44525

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-27 14:19:27 +01:00
mposolda
cbb823bc0e Make sd-jwt key binding verification work with EdDSA keys 
closes #44369

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-26 14:44:29 +01:00
Pascal Knüppel
64d5e1a3d5 [OID4VCI] Redesign SDJwt API and handle keybinding JWT (#44227) 
closes #42091


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2025-11-24 11:01:19 +01:00
Stian Thorgersen
f6702decc0 JWK Algorithm Key Pair support (#44203) 
Closes #44141

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:51:08 +01:00
Stian Thorgersen
a2c1055f8d Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
mposolda
fa3e964df7 Sd-Jwt unit tests in the crypto/fips1402 module 
closes #44104

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-12 15:11:39 +01:00
Tomáš Kyjovský
4c64b7189c Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
rmartinc
248d6d1feb Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround 
Closes #43263

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-13 15:38:58 +02:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
rmartinc
94a4e062f7 Add a debug statement when the KeycloakFipsSecurityProvider is created 
Closes #43015

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:59:22 +02:00
Steven Hawkins
6b6cefd827 fix: aligning the elytron alt name extraction logic (#41975) 
closes: #40629

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-16 10:11:30 -04:00
Anchels
90d241087d Removed redundant null checks 
Closes #40677

Signed-off-by: Anchels <mishtitov@gmail.com>
 2025-08-14 17:03:27 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Björn Eickvonder
c7cc162f6b Support for RSA Key Size of 3072 
Closes #41551

Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
 2025-07-31 13:30:33 +02:00
Rutger Lubbers
5219101aec Configure Argon2's type correctly in Argon2PasswordHashProviderFactory 
Closes #40232

Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>
 2025-06-04 14:13:34 +02:00
Rutger Lubbers
e15ab7d9f9 Update documentation for Argon2 hash-key length to use the correct property 
Closes #40195

Signed-off-by: Rutger Lubbers <RutgerLubbers@gmail.com>
 2025-06-04 08:03:33 +02:00
Michal Hajas
3839f8e3b5 Add metric for password validations (#36049) 
Closes #36048
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-01-07 10:05:47 +01:00
Martin Bartoš
959ce9c483 Provide Tracing SPI 
Closes #34711

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2024-11-28 10:45:31 +01:00
Thomas Darimont
f61937f3d9 Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference 
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-25 10:45:37 +00:00
rmartinc
b0b247f1f1 Passivate imported keys if the associate certificate is expired 
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-25 09:40:59 +01:00
Awambeng
cfd187b0ff Introduce SdJwtFacade layer for simplified SD-JWT handling and enhance test coverage (#34915) 
Closes #32955

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2024-11-15 15:20:10 +01:00
Ingrid Kamga
c4d6979907 Scaffold verification of SD-JWT VP token (#29859) (#33752) 
Closes #29859

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-10-25 14:49:25 +02:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones 
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-10-22 14:24:15 +02:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository 
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-15 08:16:14 +02:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17 
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-09-03 15:58:57 +02:00
Justin Tay
966a454548 Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928) 
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-08-08 17:29:35 +02:00
Pascal Knüppel
bf951a5554 Fix certificate creation with cross-keys (#31866) 
fixes #31864

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
 2024-08-07 12:41:12 +02:00
Ingrid Kamga
36a141007e Implement advanced verification of SD-JWT in Keycloak (#30966) 
closes #30907

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2024-08-05 11:50:03 +02:00
Pascal Knüppel
4a15e1c2b0 Support certificate creation for EC keys (#31817) 
fixes #31816

Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2024-08-02 11:52:48 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider 
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-07-11 12:40:45 +02:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5 
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes 
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
 2024-06-25 11:07:27 +02:00
Jon Koops
df18629ffe Use a default Java version from root POM (#29927) 
Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-06-21 14:19:31 +02:00
Martin Bartoš
262fc09edc OpenJDK 21 support (#28518) 
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2024-06-03 14:17:28 +02:00
Francis Pouatcha
2683c0a7d1 JWSBuilder when used directly with AsymmetricSignatureSignerContext produces non compliant ECDSA signed JWT (#29333) 
closes #29309 

Signed-off-by: Francis Pouatcha <francis.pouatcha@adorsys.com>
 2024-05-27 13:45:42 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests 
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-13 16:33:29 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method 
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2024-04-19 16:36:49 +02:00
Justin Tay
d807093f63 Fix OCSP nonce handling 
Closes #26439

Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
 2024-04-18 09:04:46 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Stian Thorgersen
c3a98ae387 Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
cae92cbe8c Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
coursar
4a357223b3 Harmonize behaviour of different CertificateUtilsProvider implementations 
Signed-off-by: coursar <coursar@gmail.com>
 2024-02-28 11:12:41 +01:00
coursar
3b721512c4 x509Certificate AuthorityKeyIdentifierExtension (#27272) 
closes #27271 

Signed-off-by: coursar <coursar@gmail.com>
 2024-02-27 15:59:51 +01:00
Stefan Wiedemann
aa6b102e3d Support EC Key-Imports for the JavaKeystoreKeyProvider #26936 (#27030) 
closes #26936

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2024-02-19 17:41:40 +01:00
Steven Hawkins
37acb2fd09 task: upgrading to quarkus 3.7.0.CR1 (#26203) 
there are several downgrades from the quarkus versions, and some
additional logic needed to handle changes with re-creating the
configuration

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-01-31 18:23:07 +00:00
David Anderson
ceea11d044 Fix various bugs and issues in crypto/elytron (#23102) 
closes #23173
 2023-10-03 09:42:57 +02:00
Thomas Darimont
82269f789a Avoid using deprecated junit APIs in tests 
- Replaced usage of Assert.assertThat with static import
- Replaced static import org.junit.Assert.assertThat with org.hamcrest.MatcherAssert.assertThat

Fixes: #22111
 2023-08-01 11:44:25 +02:00
Václav Muzikář
776bcbcbd4 Update bcpkix and bcprov dependencies (#21543) 
Closes #21360
 2023-07-20 11:57:18 +02:00
mposolda
0ea2891eee Remove support for OpenJDK 11 on the server side 
closes #15014
 2023-07-03 13:12:22 -03:00
mposolda
1cbdf4d17e Fix the issue with LDAP connectionUrl containing multiple hosts 
Closes #17359
 2023-04-16 17:41:22 +02:00