mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,736 Commits 20 Branches 287 Tags
1231590a52f0751eddbdca294bf925960474b29b
Commit Graph

1136 Commits

Author SHA1 Message Date
Pascal Knüppel
46e5979b17 [OID4VCI] Handle key_attestation_required in metadata endpoint (#44471) 
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
 2025-12-05 16:00:32 +01:00
Stefan Guilhen
b14d00e08f Improve workflow concurrency settings 
- allow restarting based on events
 - allow cancelling based on events

Closes #44645

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-05 11:28:18 -03:00
Steve Hawkins
25186278fc fix: consolidating config logic 
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-04 14:25:56 -03:00
forkimenjeckayang
4dd68c0316 [OID4VCI] Conformance Test Fixes (#44439) 
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 09:03:38 +01:00
Stefan Guilhen
65ab7f541d Add API method that fetches the scheduled workflow steps for a resource 
Closes #43660

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-03 11:09:55 -03:00
Ricardo Martin
f91363d12d Improve Public Key Management for JWTAuthorizationGrant identity provider 
Closes #44243

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 11:45:34 +01:00
mposolda
9c6a6276e4 Polishing of sd-jwt SDK builder related methods 
closes #44532

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-03 11:09:08 +01:00
Pascal Knüppel
9b870d3d8a Fix ClassCastException on mixing AddressMapper with ClaimsMapper (#44457) 
closes #44455


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-12-01 14:55:44 +01:00
Stefan Guilhen
3e312d91d8 Ensure null values are not serialized when fetching workflows in YAML format 
Closes #44396

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-01 10:45:35 -03:00
Giuseppe Graziano
2b4855ff97 Executor for checking claims in JWT assertions (#44537) 
Closes #4443


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-01 11:07:42 +01:00
Thomas Diesler
54bf9206b2 [OID4VCI] Credential Offer must be created by Issuer not Holder (#44255) 
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-27 16:07:10 +01:00
mposolda
bf23259c0f Removing SdJwtFacade 
closes #44525

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-27 14:19:27 +01:00
Alexis Rico
b0b38176f0 Manage Organization Invites 
Closes #38809

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-27 10:28:52 +01:00
mposolda
cbb823bc0e Make sd-jwt key binding verification work with EdDSA keys 
closes #44369

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-26 14:44:29 +01:00
Pascal Knüppel
64d5e1a3d5 [OID4VCI] Redesign SDJwt API and handle keybinding JWT (#44227) 
closes #42091


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2025-11-24 11:01:19 +01:00
Stian Thorgersen
2a78bc67d7 Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
Marek Posolda
a4c583246d Use the unified constants class for sd-jwt/oid4vc standard data and claims (#44153) 
closes #44152

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-18 10:41:04 +01:00
Stian Thorgersen
f6702decc0 JWK Algorithm Key Pair support (#44203) 
Closes #44141

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:51:08 +01:00
Stefan Guilhen
3319e8d9b5 Add optional parameter in WorkflowResource.toRepresentation to allow retrieval of the rep without the ids 
Closes #44183

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-14 12:20:40 -03:00
Stian Thorgersen
a2c1055f8d Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
Stefan Guilhen
5ff2e22f18 Fix representation so that workflows can be properly disabled/enabled. 
- also removes empty 'with' configurations from the steps when retrieving the workflow.

Closes #44163

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:36 -03:00
Ingrid Kamga
ce05241c7f [OID4VCI] Tolerate clock skew in SD-JWT time checks (#43506) 
Closes #43456

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-11-11 09:02:44 +01:00
Stian Thorgersen
d8275fe5df Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
Stian Thorgersen
b278dbbb3d Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Giuseppe Graziano
4b443f04ee JWT Authorization grant idp config (#43841) 
Closes #43568

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-04 14:46:14 +01:00
vramik
4d912a9c21 Support for YAML payloads for Admin client for creation of workflows 
Closes #43666

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 13:09:17 -03:00
Ingrid Kamga
ea06651da5 [OID4VCI] Ensure openid_credential is one of authorization_details_types_supported on the Authorization Server metadata (#43599) 
Closes #43398

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-10-31 11:32:24 +01:00
Stian Thorgersen
be6a3814fb Add CORS support to OIDC dynamic client registration endpoints (#43625) 
Closes #8863

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-30 12:12:08 +01:00
Tomáš Kyjovský
4c64b7189c Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Stefan Guilhen
3751bc050d Workflows enhancements 
- Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role))
 - Make workflows 'if' and 'on' fields use expressions by default
 - Fix condition evaluation inconsistencies by having a single param for each condition
 - Remove need to use double quotes for condition parameters
 - Reference groups by path instead of id in conditions

Closes #43137
Closes #43536
Closes #43537
Closes #43661
Closes #43715

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-27 07:20:59 -03:00
Giuseppe Graziano
a25a0268de Experimental feature for JWT Authorization Grant (#43624) 
Closes #43444

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-22 15:34:33 +02:00
Stefan Guilhen
657105bb41 Improve WorkflowRepresentation.Builder, changing concurrency(true) to concurrency().cancelIfRunning() for better clarity 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-20 10:54:53 -03:00
vramik
4dc398354a Restart workflow basen on concurrency/cancel-if-running option rather than reset-on option 
Closes #42911

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-17 10:06:43 -03:00
Stefan Guilhen
4985fa25c6 Add restart step provider, replacing the recurring config option 
Closes #42910

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-16 11:49:14 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Peter Zaoral
f67dd98dd4 Fix sdjwt tests: make all string-byte conversions explicit (UTF-8) (#43288) 
* this unifies behaviour prior to JDK18 on Windows platform

Closes #43264

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-13 08:37:52 +02:00
rmartinc
5732946388 Add ECDSA as a valid key type that should return EC public key 
Closes #42588

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 19:41:27 +02:00
Stefan Guilhen
7f29c9bb88 Improve workflow logging messages 
- every execution gets its own id that can be used to track all activities related to that particular workflow execution

Closes #42952

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-29 23:10:21 -03:00
Stefan Guilhen
ab7daf7fac Add validation to workflow update so that only changes to the name and enabled flag are allowed for now 
Closes #42916

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-26 14:51:05 -03:00
vramik
80453bdbfb Allow defining steps in a workflow that can run immediate or scheduled 
Closes #42888

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-25 14:37:22 -03:00
Pedro Igor
fe8fce859d Improve the Workflow JSON schema 
Closes #42697

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:04:44 -03:00
rmartinc
f560ea8f29 Allow EdDSA keys in JWTClientCredentialsProvider 
Closes #42751

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 13:53:19 +02:00
rmartinc
6ae2c4ae30 Place EdECUtilsImpl.java in the normal source folder 
Closes #42716

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 08:08:19 +02:00
mposolda
f5c71e3e55 Incorrect scheme in the WWW-Authenticate when Authorization: DPoP used 
closes #42706

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-18 12:22:00 +02:00
Giuseppe Graziano
fd7f5351ad Client Authenticator configurable per client 
Closes #42044

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-16 16:54:39 +02:00
vramik
d0e83cc05e Rename RLM to Workflows 
Closes #42512

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-16 08:52:50 -03:00
Ricardo Martin
a2acdda535 Automatic download and cache of the SAML client public keys (#41947) 
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-16 13:07:33 +02:00
forkimenjeckayang
64e0b450aa [OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint (#40751) 
Closes #39278
Closes #39279


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2025-09-15 14:02:45 +02:00