mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,779 Commits 20 Branches 287 Tags
main
Commit Graph

5875 Commits

Author SHA1 Message Date
Alexander Schwartz
6a202146b4 Handle already existing user session in the store 
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 14:58:53 +02:00
Stian Thorgersen
51465f52a3 Get client by client attribute 
Closes #42543

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-11 12:07:13 +00:00
Stian Thorgersen
1e5d52975e Refactor JWTValidator to allow use both for self-signed and federated client assertions (#42472) 
Closes: #42463

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-10 08:11:18 +02:00
mposolda
5a05d2123e Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie 
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-09 11:05:19 +02:00
Ogen Bertrand
d13c953fe4 [OID4VCI] Implement multiple credential issuance (#42167) 
closes #39277


Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-09-09 09:49:03 +02:00
Pedro Igor
0074704e76 Fixing UI to allow linking brokers ot orgs without a domain 
Closes #42408

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-08 17:46:46 +00:00
Takashi Norimatsu
d740c0f3db FAPI 2.0 Security Profile Final - Add FAPI 2.0 Final security profile as default profile of client policies 
closes #41120

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-08 17:23:53 +02:00
Ingrid Kamga
8fafd4c209 Understand key attestations as additional information to jwt proofs or as per new attestation proof type (for Key binding) 
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-09-08 17:18:37 +02:00
Steven Hawkins
05c7c625d3 fix: don't show the local access screen if a service account exists (#42218) 
closes: #42201

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 18:22:31 +02:00
Marek Posolda
6a27a4c336 EdDSA support for DPoP (#42362) 
closes #42286

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-05 12:54:43 +02:00
Johannes Knutsen
973e9ad176 Add a global filter which throws bad request if a query parameter value has a control character 
Closes #41117

Signed-off-by: Johannes Knutsen <johannes@kodet.no>
 2025-09-04 10:19:51 -03:00
Awambeng
f9cb8dfe3d [OID4VCI]: Add DPoP nonce header support to OID4VCI nonce endpoint (#41999) 
Closes #41580

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-04 14:52:10 +02:00
forkimenjeckayang
d5feb76f1f Restructure credential_configurations_supported parsing to handle credential_metadata with display and claims && Update Credential Issuer Metadata structure (#42001) 
Closes #41587
Closes #41597

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-04 14:48:56 +02:00
Awambeng
3cd2141698 Add invalid_nonce error support for OID4VCI (#41977) 
Closes #39292

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-04 13:15:29 +02:00
Takashi Norimatsu
ea63cdc97a Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm} 
closes #40923

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-03 19:14:37 +02:00
forkimenjeckayang
a74076e8ab Enforce batch_size ≥ 2 validation for batch_credential_issuance (#42003) 
Closes #41590

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-03 17:15:55 +02:00
Awambeng Rodrick
dc6afee14e Update OID4VCI error handling for draft 16 specification 
- Replace unsupported_credential_type and unsupported_credential_format with unknown_credential_configuration
- Add new unknown_credential_identifier error type as per OID4VCI draft 16
- Update error handling logic to differentiate between credential configuration and identifier errors
- Add comprehensive test coverage for new error types

Closes #41591

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Refactor error handling in OID4VCIssuerEndpoint

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Resolve comments on PR

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

fix failing test

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-03 16:53:22 +02:00
forkimenjeckayang
fc73537ba7 Rename ldp_vp to di_vp and restructure proofs object for Draft 16 compliance (#41982) 
Closes #41576
Closes #41577
Closes #41581

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-03 16:33:43 +02:00
mposolda
624d236ced DPoP verification support for admin/account REST API endpoints. Java admin-client DPoP support 
closes #33942

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-02 14:29:30 +02:00
Giuseppe Graziano
6dc9d0d439 Check manage-account-links role for client initiated account linking 
Closes #41914

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:25:49 +02:00
Alexis Rico
224ccbb79d Make organization domains optional 
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
 2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62 Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
Alexander Schwartz
ca1e61047a Adding TiDB dialect for Quarkus 
Closes #41897

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Co-authored-by: Dennis Kniep <kniepdennis@gmail.com>
 2025-08-26 17:44:45 -03:00
Ricardo Martin
360ff7050c Use back keycloak-js instead of initiate login in the backend for account (#42035) 
Closes #40463

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-26 16:29:46 +02:00
laureat-natzka
edbe28147e Pass IDP config values to themes (#40373) 
Signed-off-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
Co-authored-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
 2025-08-25 17:50:06 +00:00
Ricardo Martin
46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Alexander Schwartz
09f863bf9d Don't validate duplicate credential label on update if label is unchanged 
Closes #41945

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-08-20 08:06:06 +02:00
Pedro Igor
c7fedb77e3 Skip processing HEAD requests for action tokens 
Closes #41834

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-19 17:26:03 -03:00
rmartinc
0ff7d551dd Check null for new keySize and validity parameters when generating certificates 
Closes #41906

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-19 21:53:24 +02:00
Pedro Igor
b97aad0938 URL encode forwarded parameters 
Closes #41755

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-19 11:44:12 +02:00
Sebastian Łaskawiec
988bf9cb0b WelcomeResource do not create temporary admins (#41416) 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-18 17:31:26 +02:00
Martin Kanis
aa5fadb863 Flaky test: org.keycloak.testsuite.federation.ldap.LDAPReadOnlyTest#testReadOnlyUserGetsPermanentlyLocked 
Closes #41882

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-08-15 15:51:25 -03:00
Moshie Samuel
6958f57f0a add configurable cooldown for email resend in VerifyEmail 
Closes #41331

Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com>
Signed-off-by: moshiem <moshiem@hardcorebiometric.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: moshiem <moshiem@hardcorebiometric.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:31:00 +02:00
Akbar Husain
06f80416fb Replace keySet with entrySet 
Closes #40064

Signed-off-by: akbarhusainpatel <apatel@intermiles.com>
Co-authored-by: akbarhusainpatel <apatel@intermiles.com>
 2025-08-14 17:31:15 +02:00
Pedro Igor
3bf46e5421 "linked-accounts" endpoint displays all Identity providers 
Closes #19732

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-14 15:21:03 +02:00
Pedro Igor
3136ec25e6 memberOf attribute empty or values with a DN that does not match the role base DN fetches all roles 
Closes #41842

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-14 11:15:52 +02:00
Dennis Kniep
d74a10d87a Add TiDB as supported db 
Closes #41455

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 07:27:21 +00:00
Pedro Igor
9c631abb0d Remove unnecessary jandex dependency declaration 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-13 10:30:41 -03:00
Lukas Hanusovsky
5b3b36e300 Move RealmRolesTest.java to the new testsuite (#41404) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-08-13 12:56:23 +02:00
Réda Housni Alaoui
a99149b83a Login[v2]: "Update email" screen is not polished 
Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-12 07:45:46 -03:00
rmartinc
acf39b34c3 Make passkeys feature supported 
Closes #41556

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-12 11:18:57 +02:00
Takashi Norimatsu
52a47a63f4 RejectImplicitGrantExecutor does not return an error when a PAR request includes Implicit or Hybrid response type 
closes #41609

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-11 17:00:53 +02:00
Lukas Hanusovsky
f12ab6b189 Move RealmTest.java to the new testsuite (#41326) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-08-11 16:24:27 +02:00
Martin Kanis
6a77072098 Skip update email required action if email attribute is not writable 
Closes #41035

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-08-11 08:51:16 -03:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session 
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 14:57:47 -03:00
Pedro Igor
ac632d609e Do not allow setting default values for root attributes 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 13:59:54 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Steven Hawkins
c231574d4c fix: ensuring the ordering of the providers (#41685) 
closes: #41653

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-06 10:06:56 +02:00
Pedro Igor
6014a0e1a2 Fixing test 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-05 14:14:49 -03:00
Alexander Böhm
9cdbd1cc35 added a non-null check to check whether the to be exported realm exists (#40655) 
* added non-null check for the exported realm like already used in SingleFileExportProvider to have a proper error message in case the realm does not exist

Closes #39122

Signed-off-by: Alexander Böhm <boehm.alexanderb@gmail.com>

* added tests based upon review conversation

Closes #39122

Signed-off-by: Alexander Böhm <boehm.alexanderb@gmail.com>

* updating tests for non existent realm name

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Alexander Böhm <boehm.alexanderb@gmail.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-04 08:42:55 -04:00