keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-05-25 11:30:27 -05:00

Author	SHA1	Message	Date
Ricardo Martin	630335ff21	Do not allow wildcards in the hostname for Valid Redirect Address Closes #48430 (cherry picked from commit `1cec184455`) Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-05-21 15:41:40 +02:00
Awambeng Rodrick	b99f1b5842	fix(oid4vc): use SecureRandom for nonce and time claim generation - replace non-cryptographic PRNG usage (java.util.Random, Math.random) - use SecureRandom in JwtCNonceHandler for nonce length generation - use SecureRandom in TimeClaimNormalizer for time claim randomization - introduce centralized secure random utility (SecretGenerator) - ensure uniform and unpredictable randomness in security-sensitive flows Closes #47271 Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com> Address review comments from @IngridPuppet Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>	2026-03-26 17:44:47 +01:00
rmartinc	b6fe6c2db8	Documentation for brokering API V2 and make it preview Closes #46590 Closes #47259 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-26 11:13:58 +01:00
Stefan Guilhen	1b9f0e7db1	Switch workflows feature to supported Closes #46987 Signed-off-by: kvfi <mail@ouafi.net> Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2026-03-25 17:05:32 -03:00
Ingrid Kamga	df92e7aac8	[OID4VCI] Generate pre-authorized codes using the JWT format (#46450 ) Closes #45231 Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com> Signed-off-by: Ingrid Kamga <xingridkamga@gmail.com>	2026-03-25 19:35:13 +01:00
Thomas Diesler	53e7bdf1fe	[OID4VCI] Secure-by-Default and Default Disablement of Pre-Authorized… (#47270 ) closes #46396 Signed-off-by: Thomas Diesler <tdiesler@proton.me>	2026-03-20 17:30:29 +01:00
Ricardo Martin	b93695eb90	Add versioning to identity brokering api feature (#47281 ) Closes #47254 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-20 16:55:56 +01:00
Steven Hawkins	e060921858	fix: allowing nested } if matched with { (#47290 ) closes: #47201 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2026-03-20 11:53:53 +01:00
Stian Thorgersen	ca2bc8bd69	Initial experimental support for Resource Indicators (#46763 ) * Initial experimental support for Resource Indicators Closes #47040 Signed-off-by: stianst <stianst@gmail.com> # Conflicts: # services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java # tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java * Rename TokenInterceptor to TokenPostProcessor Signed-off-by: stianst <stianst@gmail.com> --------- Signed-off-by: stianst <stianst@gmail.com>	2026-03-17 08:45:56 +01:00
Stian Thorgersen	607096fd4e	Promote federated client authentication, including OIDC and Kube to fully supported Closes #42634, closes #42635, closes #42826, closes #44412 Signed-off-by: stianst <stianst@gmail.com>	2026-03-17 05:15:13 +01:00
rmartinc	db7d9bfc8c	Promote JWT Authorization Grant feature to supported Closes #45463 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-03-10 09:13:44 +01:00
Ricardo Martin	2bd386842a	Step up authentication for saml - preview (#44185 ) Closes #10155 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-23 19:57:00 +01:00
Pedro Igor	3e3a7befd1	Initial code for SCIM core and testsuite (#45978 ) Closes #45712 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-02-23 18:22:25 +01:00
Takashi Norimatsu	3892b9b5f1	Persistent CIMD (#45285 ) closes #45284 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2026-02-23 12:47:35 +01:00
Ruchika Jha	f92c27e26d	Make rolling updates for patch releases fully supported and Updated docs, release notes and upgrading guide for zero-downtime patch releases Closes #45381 Closes #45756 Signed-off-by: Ruchika <ruchika.jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-02-16 15:11:16 +00:00
Pedro Ruivo	47f245f81e	New key affinity for session ids Closes #46090 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2026-02-09 10:46:45 +01:00
rmartinc	e30bb37443	Mark Token Exchange v1 as deprecated but in preview Closes #45791 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-02-05 09:16:44 +01:00
Thomas Diesler	c08ed20f78	[OID4VCI] Add support for user did as subject id (#45008 ) closes #45006 Signed-off-by: Thomas Diesler <tdiesler@ibm.com>	2026-01-30 17:29:47 +01:00
Steve Hawkins	eff97618ef	fix: moving nonserver defaults out of application.properties closes: #42332 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2026-01-19 12:11:12 +01:00
Ricardo Martin	1aa1621eaa	Use MIME decoder instead of the default one to replace deprecated Base64 class Closes #45226 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-01-09 16:38:09 +01:00
Martin Bartoš	548a89c823	[OTel] Micrometer to OpenTelemetry bridge support for metrics (#41716 ) * [OTel] Micrometer to OpenTelemetry bridge support for metrics Closes #41006 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Review: Docs rewording Signed-off-by: Ryan Emerson <remerson@ibm.com> * Review: Make TELEMETRY Option descriptions consistently use OpenTelemetry to reflect pattern established by telemetry-enabled, telemetry-endpoint etc Signed-off-by: Ryan Emerson <remerson@ibm.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Ryan Emerson <remerson@ibm.com> Co-authored-by: Ryan Emerson <remerson@ibm.com>	2025-12-17 17:03:56 +01:00
Martin Bartoš	29fdcedbc8	[OTel] Introduce preview support for OpenTelemetry Logs (#41265 ) Closes #41264 Co-authored-by: Ryan Emerson <remerson@redhat.com Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-12-15 10:50:30 +01:00
Stefan Guilhen	0fc9650acc	Set Workflows as tech preview Closes #44881 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-12 13:05:59 -03:00
Giuseppe Graziano	c0c4067bdd	JWT Authorization Grant feature to preview Closes #44492 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-12-11 10:37:30 +01:00
Martin Bartoš	8def691053	[OTel] Provide general options for telemetry settings (#41705 ) * [OTel] Provide general options for telemetry settings Closes #41263 Co-authored-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/observability/telemetry.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Provide release notes and deprecation note Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Ignore link to the telemetry guide for now Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Ryan Emerson <remerson@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-12-10 12:03:46 +00:00
vramik	5dbc91e028	Deprecate Fine-Grained Admin Permissions v1 Closes #44121 Signed-off-by: vramik <vramik@redhat.com>	2025-12-08 10:26:27 -03:00
Stefan Guilhen	fe3507b251	Promote workflows to supported state Closes #43492 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-08 10:06:40 -03:00
mposolda	cbb823bc0e	Make sd-jwt key binding verification work with EdDSA keys closes #44369 Signed-off-by: mposolda <mposolda@gmail.com>	2025-11-26 14:44:29 +01:00
ruchikajha95	570ac40025	Promote MDC Logging Feature to Supported State Closes #41205 Signed-off-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-25 18:53:34 +00:00
Sebastian Łaskawiec	081d8e5a01	Move Kubernetes IdP to preview Closes #42947 Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-22 12:56:09 +01:00
Stian Thorgersen	a2c1055f8d	Proposed import order (#43432 ) * Add importOrder to Spotless Closes #43235 Signed-off-by: stianst <stianst@gmail.com> * Re-order imports with Spotless Signed-off-by: stianst <stianst@gmail.com> --------- Signed-off-by: stianst <stianst@gmail.com>	2025-11-14 09:34:49 +01:00
Stefan Guilhen	da7993896d	Allow ISO-8601 compatible format for the after field in workflow steps - aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations Closes #42913 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-11-12 18:51:49 -03:00
Pedro Igor	ded372a57f	Adding utility class for working with throwables and updating the cause check to limit the number of iterations on the stacktrace Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-11 08:48:26 -03:00
Martin Bartoš	1f9694358f	Ability to enable/disable feature via single property (#43542 ) * Ability to enable/disable feature via single property Closes #43541 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Provide support for specifying profile preview Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove duplication check, use the new WildcardOptionUtil Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Create quarkus specific single profile config resolver Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove the feature profile capability for single feature option Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-07 13:35:39 +01:00
Václav Muzikář	9c86eae7ed	Initial Client API v2 impl (#43395 ) Closes #43224 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Peter Zaoral <pzaoral@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>	2025-11-03 14:31:54 +01:00
Pedro Ruivo	e40c5de050	Session cache affinity Closes #42776 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 21:01:09 +00:00
Tomáš Kyjovský	4c64b7189c	Deprecate `org.keycloak.common.util.Base64` Closes #43370 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 09:12:14 +01:00
Giuseppe Graziano	a25a0268de	Experimental feature for JWT Authorization Grant (#43624 ) Closes #43444 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-10-22 15:34:33 +02:00
Martin Bartoš	37bea126c7	[PERF] Jackson reflection-free serialization/deserialization (#42946 ) * [PERF] Jackson reflection-free serialization/deserialization Closes #42945 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/configuration-production.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Docs improvements Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/configuration-production.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Polish the features template macros Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-10-17 20:24:47 +02:00
stianst	aedd7fe5db	Remove unused imports as part of #43233 Signed-off-by: stianst <stianst@gmail.com>	2025-10-13 13:32:01 +02:00
Pedro Igor	fe8fce859d	Improve the Workflow JSON schema Closes #42697 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-24 04:04:44 -03:00
Giuseppe Graziano	e4114e6c74	Promote DPoP feature to supported by default Closes #42032 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-09-24 08:26:09 +02:00
Peter Skopek	14e4e1aed2	Enable branding without code changes (#34246 ) closes #34244 Signed-off-by: Peter Skopek <pskopek@redhat.com>	2025-09-24 07:25:40 +02:00
Stian Thorgersen	f72482bfd2	Experimental Kube service accounts identity provider Closes #37600 Signed-off-by: stianst <stianst@gmail.com> Signed-off-by: Ryan Emerson <remerson@ibm.com> Co-authored-by: Ryan Emerson <remerson@ibm.com>	2025-09-23 00:11:24 +02:00
Stian Thorgersen	3841fea16d	Promote CLIENT_AUTH_FEDERATED and SPIFFE features to preview (#42753 ) Closes #42722 Signed-off-by: stianst <stianst@gmail.com> Co-authored-by: Ryan Emerson <remerson@ibm.com>	2025-09-19 09:46:37 +00:00
vramik	d0e83cc05e	Rename RLM to Workflows Closes #42512 Signed-off-by: vramik <vramik@redhat.com>	2025-09-16 08:52:50 -03:00
Pedro Ruivo	971016f743	More efficient secure ID generator Closes #42283 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-09-12 13:52:26 +02:00
Alexander Schwartz	6ea3c8aedf	Session IDs and auth codes should have 128 bits of entropy Closes #42274 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-09-11 17:05:40 +02:00
Steven Hawkins	0897560513	fix: moves unsupported feature logging (#42380 ) closes: #42334 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-09-05 19:21:20 +02:00
Stian Thorgersen	320ea5a9a7	Experimental SPIFFE identity provider (#42314 ) Closes #42313 Signed-off-by: stianst <stianst@gmail.com>	2025-09-04 14:48:18 +02:00

1 2 3 4 5 ...

458 Commits