mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-30 03:19:54 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,382 Commits 20 Branches 287 Tags
6d93df8cadf5b4a64a5e90ad23dbbcaeb841f6f5
Commit Graph

7632 Commits

Author SHA1 Message Date
mposolda
a2cc51aed7 Possible overflow in brute force computation 
closes #30939

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-16 12:36:14 +02:00
Giuseppe Graziano
bda0e2a67c Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-14 15:00:41 +00:00
Pedro Ruivo
468c063e27 Client session may be lost during session restart 
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 11:01:16 +00:00
rmartinc
248d6d1feb Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround 
Closes #43263

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-13 15:38:58 +02:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
mposolda
76d271bf00 openid-connect flow is missing response type on language change 
closes #41292

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 08:38:32 +02:00
Pedro Igor
faa0ccbb7d Automatically redirect based on login hint 
Closes #42715

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-08 14:43:32 -03:00
Steve Hawkins
6f36a02ffe fix: retaining user creation timestamp when importing 
closes: #43195

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 11:36:29 -03:00
Thomas Darimont
85afd62452 Use correct error response for missing assertions in Signed JWT Validation 
* Ensure conformance for Signed JWT Validation (#43269)

This re-adds the explicit client assertion parameter validation to produce the correct error responses required by RFC7523.
See: https://www.rfc-editor.org/rfc/rfc7523.html#section-3.2

The refactoring for the support for Federated JWT Client authentication broke the OIDF conformance tests for https://www.rfc-editor.org/rfc/rfc7523.html.

Fixes #43269
Fixes #43270

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Ensure conformance for Signed JWT Validation (#43269)

Add additional tests for ClientAuthSignedJWTTest.

Fixes #43269

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-10-08 11:01:13 +02:00
rmartinc
5732946388 Add ECDSA as a valid key type that should return EC public key 
Closes #42588

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 19:41:27 +02:00
rmartinc
9f9f5ae97a Ensure events are fully filled before success is called 
Closes #42914

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 17:06:26 +02:00
rmartinc
94a4e062f7 Add a debug statement when the KeycloakFipsSecurityProvider is created 
Closes #43015

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:59:22 +02:00
rmartinc
4476b44482 Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint 
Closes #43218

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:49:08 +02:00
Pedro Igor
54289f0130 Lowercase username and email when fetching values from LDAP object 
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 14:14:50 +00:00
Martin Kanis
a493213ad4 Hide read-only email attribute in update profile context with update … …email enabled (#43024) 
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 12:52:55 +02:00
Lukas Hanusovsky
abcc5d418f Move ConcurrentLoginTest.java to the new testsuite (#43090) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-10-06 15:00:19 +00:00
Pedro Igor
4f55b9b6bd Filter invalid resources and scopes when processing entries from the cache 
Closes #42907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-03 19:25:57 +02:00
Lukas Hanusovsky
64ffb3a83f [Test Migration] New testsuites: Clusterless, Multisite, VolatileSessions, migrated test: SessionTest 
Closes #35391
Closes #35393
Closes #42619

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-10-03 19:23:15 +02:00
Pedro Ruivo
4f24f93b85 Restarting an user session broken for persistent sessions 
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-02 21:29:04 +02:00
Martin Kanis
6e89bd72a9 Update email page with pending verification email messages prefilled with old email 
Closes #43070

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-30 09:19:33 -03:00
rmartinc
e256513ceb Do not remove sid claim when the session is transient only for the client 
Closes #42565

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-30 12:08:43 +02:00
Pedro Igor
a3db07a8f5 Re-adding max age setting to the update email action (#43036) 
Closes #43035

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-30 05:31:23 +02:00
Pedro Igor
d6da849206 Introducing a EMAL_PENDING user attribute to set the email pending verification 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-29 12:41:41 -03:00
Martin Kanis
88eea73cdc Introduce pending email verification message for UPDATE_EMAIL 
Closes #42770

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-29 12:41:41 -03:00
rmartinc
a44758d4ae Upgrade bc-fips testing and documentation to 2.1.2 
Closes #42958

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-29 09:04:43 +02:00
Stian Thorgersen
dbd516f8e6 Refactor SimpleHttp to make it injectable and usable outside server (#42936) 
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-29 08:37:05 +02:00
Pedro Igor
6e851ce80e Only filter default organization related scopes based on dynamic scope format 
Closes #42877

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-26 16:28:12 -03:00
Václav Muzikář
b65a60e40d Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00
forkimenjeckayang
29bee21683 [OID4VCI] Fix authorization_details generation and credential identifier mapping for conformance tests (#42819) 
Closes: #42818

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-25 13:56:30 +02:00
rmartinc
83994c4a5c Enable validate signature for SAML IdP to true when there are signing keys in the IdP metadata 
Closes #42213

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-25 10:17:13 +02:00
Pedro Igor
05a8dc006b Do not skip dedicated client mapper when validating dynamic scopes in authorization or token requests 
Closes #42142
Closes #42208

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-25 08:43:56 +02:00
Alexander Schwartz
4389bc2990 Fix duplicate label when using password history 
Closes #42736

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-24 11:21:59 +02:00
Lukas Hanusovsky
1088731e4f Moving files to the new test suite 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-24 09:48:06 +02:00
Pedro Igor
1948e5baf3 Prevent empty usernames and allow restarting the login 
Closes #42837
Closes #42409

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:07:03 -03:00
Pedro Igor
41b64c91aa Do not update email if there is no email from the IdP 
Closes #42390

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:05:05 -03:00
Pedro Igor
54d2451b35 Make user read-only and a proper error message when the user federation provider is not available 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-24 04:03:13 -03:00
Giuseppe Graziano
e4114e6c74 Promote DPoP feature to supported by default 
Closes #42032

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-24 08:26:09 +02:00
Lukas Hanusovsky
d478162401 Old Testsuite - admin package cleanup, abstract classes refactor. (#42656) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-23 11:45:50 +02:00
Stefan Wiedemann
83cfd4a3e2 [OID4VCI] filter for asymmetric keys (#42758) 
Closes #42755

Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com>
 2025-09-23 09:37:25 +02:00
Giuseppe Graziano
bb9c9ac1e3 Dpop binding only for refresh token 
Closes #26277

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-23 08:10:29 +02:00
Martin Kanis
a718c988af The new email is mandatory error for update profile action with enabled update email 
Closes #42737

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-22 22:18:28 -03:00
rmartinc
f560ea8f29 Allow EdDSA keys in JWTClientCredentialsProvider 
Closes #42751

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 13:53:19 +02:00
Šimon Vacek
d57be09f1d Fix problem with CredentialRequest#setFormat() (#42820) 
* fix main branch

fixes: #42622

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* remove CredentialRequest#setFormat() from tests

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-09-22 13:23:56 +02:00
forkimenjeckayang
8ad6427123 [OID4VC]: Update authorization_details for OID4VCI draft-16 compliance (#42622) 
Closes #41586

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-22 10:19:24 +02:00
Awambeng Rodrick
f6627f99b2 chore(oid4vc): Remove format parameter from CredentialRequest 
Closes #42677

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-22 10:14:56 +02:00
mposolda
45fa5edbbb Possibility to enforce authorization code binding to DPoP 
closes #42740

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-20 10:22:32 +02:00
Pedro Ruivo
47f85631f3 Automatically create external caches for MULTI_SITE deployments 
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 18:56:38 +02:00
mposolda
f5c71e3e55 Incorrect scheme in the WWW-Authenticate when Authorization: DPoP used 
closes #42706

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-18 12:22:00 +02:00
Stian Thorgersen
37a99154a5 Refactor and improve tests for federated client authentication (#42720) 
Closes #42718

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-18 09:30:01 +00:00
Stian Thorgersen
f9ee040ef0 Add federated subject configuration option to federated-jwt authenticator (#42610) 
Closes #42608

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-17 13:39:50 +02:00