mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-04-30 04:02:52 -05:00
Code Issues Packages Projects Releases Wiki Activity
28,740 Commits 33 Branches 304 Tags
3243e95c5a2b08a88ea1f0d6355a8d32882ad331
Commit Graph

398 Commits

Author SHA1 Message Date
Björn Eickvonder d62d5030fe Adds log context information for MDC for realm, users, etc. 
Closes #39812

Signed-off-by: Björn Eickvonder <b.eicki@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Bjoern Eickvonder <bjoern.eickvonder@inform-software.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-16 17:46:46 +02:00
Ryan Emerson 0a745d6aeb Allow Features to declare that they support Rolling upgrades 
Closes #41022

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-16 12:10:29 +02:00
Martin Kanis 5a42390341 Make UPDATE_EMAIL a supported feature 
Closes #40227

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-09 10:15:48 -03:00
rmartinc 70f0731b21 Make passkeys feature dependent on web_authn 
Closes #40975

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-08 13:59:43 +02:00
Michal Hajas d944823277 Make rolling-updates-v2 preview feature (#40732) 
Closes #38883
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-06-26 19:28:35 +02:00
Douglas Palmer a981f6b6d5 Access Token IDs have less than 128 bits of entropy 
Closes #38663

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2025-06-26 16:48:03 +02:00
mposolda ab7edb0d01 Introduce ExternalToInternalTokenExchangeProvider. Make it working with Google IDP using token-info endpoint instead of user-info endpoint 
closes #40146
closes #40133

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-06-04 10:03:52 +02:00
Michal Hajas 88f660b235 Add experimental feature rolling-updates:v2 that allows rolling updat… (#39751) 
...e for patch releases
Closes #38882
Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-05-27 11:17:42 -03:00
rmartinc 5c28ee4d4c Create client passwords calculating the entropy size for JWT with client secret 
Closes #38621

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-27 10:23:58 +02:00
Alexander Schwartz a17f551eb2 Log out other sessions including offline sessions on password change 
Closes #38850

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-05-06 14:04:13 +02:00
rmartinc 4730dbdd8d Make recovery codes supported 
Closes #38994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-29 10:25:46 +02:00
Pedro Igor 1ba8fe16ac Deprecate for removal Instagram Identity Broker (#38998) 
Closes #37967
Closes #36562

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-17 09:07:06 +02:00
Michal Hajas 4dc4de7c12 Remove CACHE-EMBEDDED-REMOTE-STORE experimental feature 
Closes #34160

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-04-16 12:01:55 +00:00
vramik 602258d935 [FGAP] Switch the feature from Experimental to Supported 
Closes #38651

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-08 13:00:47 -03:00
lrozenblyum a0852eaa2e Prevent NPE in CryptoIntegration.setProvider 
Closes #38596

Signed-off-by: Leonid Rozenblyum <lrozenblyum@gmail.com>
 2025-04-03 08:06:00 +00:00
Steven Hawkins 06e0885f46 fix: adds back reporting of non-ip client addresses (#37797) 
closes: #36843

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
 2025-03-27 19:33:20 +00:00
Tero Saarni c7f0fc7ac3 Support EC in PEM utils 
This change adds

- Support for decoding EC private keys.
- Support for decoding certificate bundles.

Closes #38490

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
 2025-03-27 15:44:05 +01:00
Alexander Schwartz c9b88c6bf6 Finalizing release notes and documentation for initial rolling update 
Closes #38168

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-03-19 21:34:09 +01:00
rmartinc b0654c455f Remove hierarchicalUri in KeycloakUriBuilder and parse each URI part separately 
Closes #38006

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-03-13 18:27:35 +01:00
mposolda 1fc015195f Promote standard token-exchange V2 to supported by default 
closes #37368

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-03-13 18:26:55 +01:00
Sebastian Schuster 45fb21164b Improved uri template regex 
Closes #37834

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
 2025-03-05 12:15:31 +01:00
mposolda 73cfd9cc80 Polishing of token-exchange features. Remove TOKEN_EXCHANGE_FEDERATED_V2 and TOKEN_EXCHANGE_SUBJECT_IMPERSONATION_V2 
closes #37367

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-03-03 17:32:17 +01:00
Michal Hajas 8cd97ddb21 Make event metrics supported (#37391) 
* Make event metrics supported

Closes #37389

Signed-off-by: Michal Hajas <mhajas@redhat.com>

* Address comments from reviews

Signed-off-by: Michal Hajas <mhajas@redhat.com>

---------

Signed-off-by: Michal Hajas <mhajas@redhat.com>
 2025-02-19 12:20:15 +01:00
Giuseppe Graziano f2d931ba44 Remove FGAP from standard token exchange v2 
Closes #37108

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-02-12 12:47:23 -03:00
Martin Bartoš 491b7861ed [PERF] Determine whether OS is Windows 
Closes #33953

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-02-10 17:31:26 +01:00
Pedro Ruivo 0f91e67b90 Feature flag: rolling-updates 
Closes #36840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
 2025-02-06 17:03:50 +01:00
Marek Posolda ec5a8d161a Token exchange - added experimental token exchange V2 divided into mulitple features (#36407) 
closes #35504

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-01-17 09:12:38 +01:00
Stian Thorgersen c1c147cb17 Restrict access to environment variables when at the server runtime (#36472) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-01-15 09:36:19 +01:00
Pedro Igor db986c496e Allow tracing packets sent to and from LDAP for troubleshooting purposes 
Closes #36087

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-01-07 12:42:23 +01:00
Thomas Darimont 7b62c0d266 Fix content-type for content.json (#35971) 
We now send the content-type `application/json` when JSON resources are requested via the resources endpoint.
Previously, those resources were using content-type `application/octet-stream`.
Also removed the duplicate entry for `text/javascript` content type mapping.

Fixes #35971

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-12-17 19:45:24 -03:00
Martin Bartoš 8f2c825835 Enable opentelemetry feature by default (#35756) 
Closes #35753

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2024-12-11 16:53:14 +00:00
Pedro Igor 5c901016e7 Removing unnecessary configuration from auth servers 
Closes #35604

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-12-06 13:36:50 +01:00
Erik Jan de Wit 566e41cc72 color theme tab (#35179) 
* added a way to customize theme colors

fixes: #33233
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added preview and grouped vars

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added dark mode

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed label

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added empty check

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* use json string in attributes

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* removed use of not exported type

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* output css based on JSON string

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added feature flag

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added a way to customize theme colors

fixes: #33233
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* renamed feature to quick theme

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed merge error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Restore the Cache tab in Realm Settings (#34311)

closes keycloak#17727

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added a way to customize theme colors

fixes: #33233
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* create a zip file instead

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added themes.json to make jar usable

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* use property instead of attribute

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix the jar file

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed header for preview and some text

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Christian Janker <christian.janker@gmx.at>
Co-authored-by: Christian Ja <christian.janker@gmx.at>
 2024-12-04 19:36:42 +00:00
Stefan Guilhen 3c33a7180e Add initial IPA-Tuura federation (#35467) 
* Add initial federation ipatuura plugin

Closes #35325

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-12-02 14:59:21 -03:00
rmartinc b0b247f1f1 Passivate imported keys if the associate certificate is expired 
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-25 09:40:59 +01:00
Steven Hawkins 0eb0281bf2 fix: returning addresses instead of hosts on the ClientConnection (#35247) 
also consolidates checks of whether a host or address is local

closes: #35216
closes: #34671

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-11-22 20:57:20 +01:00
Steven Hawkins 799ee85b7f fix: refining the usage of distribution tests (#34272) 
* fix: refining distribution tests

allows for the capturing of dry run build values for subsequent commands

closes: #34058

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* converting a few more tests to dry run and several other cleanups

also splitting the stdout and stderr collection for docker

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-11-15 10:28:45 -05:00
Jan-Hendrik Dolling 80bbb0be10 fix: PEM files distributed as part of SAML adapter configs for mod_auth_mellon export 
Changing return type of ClientResource from String to Response to support different response types. Should not be breaking as this is just a class used internally by Keycloak integration tests.

Closes #34276

Co-authored-by: ccudennec-otto
Co-authored-by: radwa-otto
Co-authored-by: IngoStrauch2020

Signed-off-by: Jan-Hendrik Dolling <jan-hendrik.dolling@otto.de>
 2024-11-15 16:15:51 +01:00
vramik a2ba3c8ace Feature in higher version takes precedence even if it has lower type order 
Closes #34635

Signed-off-by: vramik <vramik@redhat.com>
 2024-11-07 10:55:42 +01:00
vramik b1ff9511d1 Fine grained admin permissions feature V2 
Closes #34563

Signed-off-by: vramik <vramik@redhat.com>
 2024-11-07 10:55:42 +01:00
Ricardo Martin 226daa41c7 Add service account mappers via client scope instead of dedicated scope (#34664) 
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2024-11-07 08:45:11 +01:00
Bernd Bohmann 7681687e0a Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener 
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics

Closes #33043

Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2024-11-04 08:56:24 +01:00
Steven Hawkins b2ccde29bb fix: persist build time spi options (#34157) 
closes: #33902

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-10-23 16:51:11 +02:00
Steven Hawkins af1a5ea2a8 fix: refining https file type detection (#33703) 
also making common trustore logic align

closes: #33649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2024-10-22 13:05:56 -04:00
mposolda b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository 
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-10-15 08:16:14 +02:00
Jon Koops 3930356c21 Treat unencrypted local origins as an insecure context in Safari (#33700) 
Closes #33557

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-09 23:38:03 +02:00
Jon Koops aacdf80664 Add shim for Web Crypto API to admin and account console (#33480) 
Closes #33330

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-03 10:51:23 +00:00
Erik Jan de Wit e8d8de8936 Use feature versions for admin3, account3, and login2 (#33458) 
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
 2024-10-03 12:09:36 +02:00
Stefan Guilhen 9b7cf9d584 Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map 
Closes #30235

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-10-01 17:39:00 -03:00
Jon Koops 5e2f09f66d Remove statically served Keycloak JS from the server (#33083) 
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-09-22 19:05:01 +02:00