5875 Commits

Author SHA1 Message Date
rmartinc
4476b44482 Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint
Closes #43218

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-10-07 16:49:08 +02:00
Pedro Igor
54289f0130 Lowercase username and email when fetching values from LDAP object
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 14:14:50 +00:00
Martin Kanis
a493213ad4 Hide read-only email attribute in update profile context with update email enabled (#43024)
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-07 12:52:55 +02:00
Lukas Hanusovsky
abcc5d418f Move ConcurrentLoginTest.java to the new testsuite (#43090)
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-10-06 15:00:19 +00:00
Pedro Igor
4f55b9b6bd Filter invalid resources and scopes when processing entries from the cache
Closes #42907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-03 19:25:57 +02:00
Lukas Hanusovsky
64ffb3a83f [Test Migration] New testsuites: Clusterless, Multisite, VolatileSessions, migrated test: SessionTest
Closes #35391
Closes #35393
Closes #42619

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-10-03 19:23:15 +02:00
Pedro Ruivo
4f24f93b85 Restarting a user session broken for persistent sessions
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-10-02 21:29:04 +02:00
Martin Kanis
6e89bd72a9 Update email page with pending verification email messages prefilled with old email
Closes #43070

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-30 09:19:33 -03:00
rmartinc
e256513ceb Do not remove sid claim when the session is transient only for the client
Closes #42565

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-30 12:08:43 +02:00
Pedro Igor
a3db07a8f5 Re-adding max age setting to the update email action (#43036)
Closes #43035

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-30 05:31:23 +02:00
Pedro Igor
d6da849206 Introducing a EMAL_PENDING user attribute to set the email pending verification
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-29 12:41:41 -03:00
Martin Kanis
88eea73cdc Introduce pending email verification message for UPDATE_EMAIL
Closes #42770

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-29 12:41:41 -03:00
rmartinc
a44758d4ae Upgrade bc-fips testing and documentation to 2.1.2
Closes #42958

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-29 09:04:43 +02:00
Stian Thorgersen
dbd516f8e6 Refactor SimpleHttp to make it injectable and usable outside server (#42936)
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
2025-09-29 08:37:05 +02:00
Pedro Igor
6e851ce80e Only filter default organization related scopes based on dynamic scope format
Closes #42877

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-26 16:28:12 -03:00
Václav Muzikář
b65a60e40d Support for EDB 17 (#42341)
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-09-26 16:04:47 +02:00
forkimenjeckayang
29bee21683 [OID4VCI] Fix authorization_details generation and credential identifier mapping for conformance tests (#42819)
Closes: #42818

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-25 13:56:30 +02:00
rmartinc
83994c4a5c Enable validate signature for SAML IdP to true when there are signing keys in the IdP metadata
Closes #42213

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-25 10:17:13 +02:00
Pedro Igor
05a8dc006b Do not skip dedicated client mapper when validating dynamic scopes in authorization or token requests
Closes #42142
Closes #42208

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-25 08:43:56 +02:00
Alexander Schwartz
4389bc2990 Fix duplicate label when using password history
Closes #42736

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-09-24 11:21:59 +02:00
Lukas Hanusovsky
1088731e4f Moving files to the new test suite
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-24 09:48:06 +02:00
Pedro Igor
1948e5baf3 Prevent empty usernames and allow restarting the login
Closes #42837
Closes #42409

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:07:03 -03:00
Pedro Igor
41b64c91aa Do not update email if there is no email from the IdP
Closes #42390

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:05:05 -03:00
Pedro Igor
54d2451b35 Make user read-only and a proper error message when the user federation provider is not available
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:03:13 -03:00
Giuseppe Graziano
e4114e6c74 Promote DPoP feature to supported by default
Closes #42032

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-09-24 08:26:09 +02:00
Lukas Hanusovsky
d478162401 Old Testsuite - admin package cleanup, abstract classes refactor. (#42656)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2025-09-23 11:45:50 +02:00
Stefan Wiedemann
83cfd4a3e2 [OID4VCI] filter for asymmetric keys (#42758)
Closes #42755

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2025-09-23 09:37:25 +02:00
Giuseppe Graziano
bb9c9ac1e3 DPoP binding only for refresh token
Closes #26277

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-09-23 08:10:29 +02:00
Martin Kanis
a718c988af The new email is mandatory error for update profile action with enabled update email
Closes #42737

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-22 22:18:28 -03:00
rmartinc
f560ea8f29 Allow EdDSA keys in JWTClientCredentialsProvider
Closes #42751

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-22 13:53:19 +02:00
Šimon Vacek
d57be09f1d Fix problem with CredentialRequest#setFormat() (#42820)
* fix main branch

fixes: #42622

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* remove CredentialRequest#setFormat() from tests

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2025-09-22 13:23:56 +02:00
forkimenjeckayang
8ad6427123 [OID4VC]: Update authorization_details for OID4VCI draft-16 compliance (#42622)
Closes #41586

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-22 10:19:24 +02:00
Awambeng Rodrick
f6627f99b2 chore(oid4vc): Remove format parameter from CredentialRequest
Closes #42677

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2025-09-22 10:14:56 +02:00
mposolda
45fa5edbbb Possibility to enforce authorization code binding to DPoP
closes #42740

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-20 10:22:32 +02:00
Pedro Ruivo
47f85631f3 Automatically create external caches for MULTI_SITE deployments
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-09-19 18:56:38 +02:00
mposolda
f5c71e3e55 Incorrect scheme in the WWW-Authenticate when Authorization: DPoP used
closes #42706

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-18 12:22:00 +02:00
Stian Thorgersen
37a99154a5 Refactor and improve tests for federated client authentication (#42720)
Closes #42718

Signed-off-by: stianst <stianst@gmail.com>
2025-09-18 09:30:01 +00:00
Stian Thorgersen
f9ee040ef0 Add federated subject configuration option to federated-jwt authenticator (#42610)
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
2025-09-17 13:39:50 +02:00
Lukas Hanusovsky
d9b4bd047f [Keycloak Test Framework] Infinispan cache + ClusterlessTestSuite configuration (#42172)
* [Keycloak Test Framework] Infinispan server + ClusterlessTestSuite and MultisiteTestSuite configuration

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Utilise ClientIntelligence.BASIC to ensure that internal docker IPs are
never used by Infinispan client

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Code refactoring + properties utility

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
2025-09-17 07:13:11 +00:00
Ricardo Martin
a2acdda535 Automatic download and cache of the SAML client public keys (#41947)
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-16 13:07:33 +02:00
Awambeng
20f9306b78 [OID4VCI] Adjust Credential Issuer Metadata endpoint, return issuer metadata at /.well-known/openid-credential-issuer/realms/{realm} (#42577)
Closes #41589

Signed-off-by: Awambeng <awambengrodrick@gmail.com>
2025-09-16 10:24:44 +02:00
rmartinc
8a94bd90f9 redirectToAuthentication if the request uses PAR to not lose the single object after a refresh
Closes #36716

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-16 10:14:35 +02:00
Alexander Schwartz
cdea7d79a7 Fix Chinese language names
Closes #42575

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-15 15:01:08 -03:00
forkimenjeckayang
64e0b450aa [OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751)
Closes #39278
Closes #39279


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2025-09-15 14:02:45 +02:00
rmartinc
605b51905c Do not regenerate the secret key when the size is not explicitly passed
Closes #42405

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-15 13:30:35 +02:00
Ogen Bertrand
70b50e93e9 [OID4VCI] Add support for credential_request_encryption in metadata (#42169)
closes #41594
closes #41593
closes #41592
closes #41582
closes #41595


Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
2025-09-15 09:19:15 +02:00
Martin Kanis
5a02bc1adb Admin UI hides local users when LDAP provider fails
Closes #42276

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-09-12 10:43:08 -03:00
Stefan Wiedemann
232c91e6b7 Allow configuration of clientId in TargetRoleMapper again (#42377)
closes #42375


Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
2025-09-12 08:56:53 +02:00
forkimenjeckayang
66677da8f7 [OID4VC]: Update the issuer metadata for signed metadata (#42428)
Closes #41588

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-09-12 08:51:56 +02:00
KONSTANTINOS GEORGILAKIS
b6cee86e74 Add openid scope in Allowed Client Scopes options of client registration access policies
Closes #42339

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2025-09-11 16:04:31 +02:00