mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-02-14 11:19:24 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,362 Commits 23 Branches 294 Tags
bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b
Commit Graph

29362 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Giuseppe Graziano
bda0e2a67c Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-14 15:00:41 +00:00
Martin Bartoš
38909da47d [quarkus-next] DatasourcesConfigurationTest fails (#43448) 
Closes #43447

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-14 14:50:33 +00:00
Stian Thorgersen
567a8ab93f Cleanup changes made to JWTClientValidator after refactoring 
Closes #43429

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-14 16:12:40 +02:00
Steven Hawkins
700b86fad8 fix: refining https-protocols documentation (#43420) 
closes: #43164

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-14 08:01:08 -04:00
Stian Thorgersen
5c5905fed3 Fix SPIFFE client authentication when iss claim is included (#43428) 
Closes #43394

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-14 13:20:51 +02:00
Pedro Ruivo
468c063e27 Client session may be lost during session restart 
Fixes #43349

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-14 11:01:16 +00:00
Steven Hawkins
f66359ce19 fix: updating service account docs 
closes: #17268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-10-14 11:02:20 +02:00
Stian Thorgersen
33987e54ff Fix schedule-nightly workflow (#43413) 
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
 2025-10-14 10:32:25 +02:00
Václav Muzikář
28749042c7 Fix Spotless checks (#43418) 
Closes #43417

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-10-13 20:16:27 +02:00
Peter Zaoral
f87b90339d Stabilize PlainTextVaultProviderTest by enhancing validation logging (#42014) 
Closes: #39660

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2025-10-13 17:03:50 +00:00
rmartinc
248d6d1feb Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround 
Closes #43263

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-13 15:38:58 +02:00
mposolda
a77c4a6ad2 Minor UI fixes on 'Keys' tab of SAML client 
closes #43304

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-13 15:28:06 +02:00
Pedro Igor
fa581c8148 Allow passing a context to steps 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
Pedro Igor
5b5a83b800 Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-13 09:53:30 -03:00
Stefan Guilhen
652270302d Workflows code cleanup 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
stianst
963682a07c Add Spotless plugin with removeUnusedImports check enabled 
Closes #43233

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Robin Meese
ca368706cc Update translation.md docs (#43402) 
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-10-13 13:26:23 +02:00
Alexander Schwartz
10f06e9eb7 JDBC_PING publishes its physical address on startup 
Closes #43357

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:53:30 +01:00
Alexander Schwartz
66b9e801c1 Mark the reading of admin and user events read-only 
This should decrease the memory usage and improve response times

Closes #43365

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-13 09:46:38 +02:00
Peter Zaoral
f67dd98dd4 Fix sdjwt tests: make all string-byte conversions explicit (UTF-8) (#43288) 
* this unifies behaviour prior to JDK18 on Windows platform

Closes #43264

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-13 08:37:52 +02:00
burnedoutman
5c132b34da The fix will separate the option description from the link in the Referrer Policy settings 
Closes #43061

Signed-off-by: burnedoutman <97279475+burnedoutman@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 15:45:50 -04:00
vramik
815d2d14d4 Check FGAP enabled before proceeding with evaluation 
Closes #43331

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-10 15:44:01 -03:00
Jon Koops
5cbba8f984 Automatically dispose of realms created by createTestBed() (#43299) 
Closes #43298

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-10-10 10:22:21 -04:00
Alexander Schwartz
934ac48a54 Rework formatting for release notes 
Closes #43320

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 07:42:53 -03:00
mposolda
c2e49c8c59 'Service accounts roles' should be 'Service account roles' 
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 11:25:37 +02:00
rmartinc
a19f4d00fc Throw and catch UnsupportedOperationException to fix XPathAttributeMapperTest 
Closes #43262

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-10 09:39:47 +02:00
Giuseppe Graziano
0bfb9079f2 Reject search for not allowed client attributes 
Closes #42541

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-10 09:37:40 +02:00
Weblate (bot)
00f372fa32 Translations update from Hosted Weblate (#43150) 
* Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Updated translation for Portuguese (Brazil)

Language: pt_BR

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>

* Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Translated using Weblate (Russian)

Translation: Keycloak/Theme base/admin
Translate-URL: https://hosted.weblate.org/projects/keycloak/theme-baseadmin/ru/

Updated translation for Russian

Language: ru

Updated translation for Russian

Language: ru

Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>

* Updated translation for French

Language: fr

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Sylvain Pichon <service@spichon.fr>

* Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Updated translation for Chinese (Traditional Han script)

Language: zh_Hant

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>

---------

Signed-off-by: Hosted Weblate <hosted@weblate.org>
Signed-off-by: Rafael Cunha <rafael.danicunha@gmail.com>
Signed-off-by: Anton Petrov <petrov9810@gmail.com>
Signed-off-by: Sylvain Pichon <service@spichon.fr>
Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: 翁震軒 <benwater12@gmail.com>
Co-authored-by: Rafael Cunha <rafael.danicunha@gmail.com>
Co-authored-by: Anton Petrov <petrov9810@gmail.com>
Co-authored-by: Sylvain Pichon <service@spichon.fr>
Co-authored-by: 秉虎 <s96016641@gmail.com>
Co-authored-by: 翁震軒 <benwater12@gmail.com>
 2025-10-10 09:32:22 +02:00
mposolda
76d271bf00 openid-connect flow is missing response type on language change 
closes #41292

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 08:38:32 +02:00
Alexander Schwartz
17fb20c58d Prevent using JTA transaction when initializing JDBC_PING 
Closes #43335

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-09 23:09:36 +02:00
Pedro Ruivo
48f1978531 Update docs to include PostgreSQL SSL certificate 
Closes #43311

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-10-09 15:02:53 +02:00
mposolda
0100ac6d6e Security Defenses realm settings lost when switching between Headers and Brute Force Detection tabs 
closes #42676

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-09 13:31:27 +02:00
Pedro Igor
faa0ccbb7d Automatically redirect based on login hint 
Closes #42715

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-08 14:43:32 -03:00
Alexander Schwartz
94d428d450 Adding attributes for section links so they work in upstream and downstream 
Closes #43286

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-08 11:37:13 -03:00
Steve Hawkins
6f36a02ffe fix: retaining user creation timestamp when importing 
closes: #43195

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 11:36:29 -03:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
Thomas Darimont
85afd62452 Use correct error response for missing assertions in Signed JWT Validation 
* Ensure conformance for Signed JWT Validation (#43269)

This re-adds the explicit client assertion parameter validation to produce the correct error responses required by RFC7523.
See: https://www.rfc-editor.org/rfc/rfc7523.html#section-3.2

The refactoring for the support for Federated JWT Client authentication broke the OIDF conformance tests for https://www.rfc-editor.org/rfc/rfc7523.html.

Fixes #43269
Fixes #43270

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Ensure conformance for Signed JWT Validation (#43269)

Add additional tests for ClientAuthSignedJWTTest.

Fixes #43269

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2025-10-08 11:01:13 +02:00
Ryan Emerson
12ae8b7cc9 CI pipeline breaks when there are no tags for a release branch yet 
Closes #43057

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-10-08 09:26:58 +02:00
Steven Hawkins
817c78f0d9 fix: adds error handling for common redirect codes (#43276) 
closes: #31401

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 08:55:07 +02:00
Steven Hawkins
a74c178195 fix: making picocli ansi handling match quarkus (#43268) 
closes: #42446

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-08 08:51:09 +02:00
rmartinc
5732946388 Add ECDSA as a valid key type that should return EC public key 
Closes #42588

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 19:41:27 +02:00
rmartinc
9f9f5ae97a Ensure events are fully filled before success is called 
Closes #42914

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 17:06:26 +02:00
Alexander Schwartz
8d79bb082c Show if integer is required 
Closes #43202

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-07 12:01:17 -03:00
rmartinc
94a4e062f7 Add a debug statement when the KeycloakFipsSecurityProvider is created 
Closes #43015

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:59:22 +02:00
rmartinc
4476b44482 Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint 
Closes #43218

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-07 16:49:08 +02:00
Pedro Igor
54289f0130 Lowercase username and email when fetching values from LDAP object 
Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 14:14:50 +00:00
Stian Thorgersen
ab7939f33a Add support for spiffe_refresh_hint to Spiffe Identity Provider (#43242) 
Closes #42806

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-07 14:00:46 +02:00
rmartinc
9546fca45e Convert the wizard to create client in progressive to validate every step 
Closes #42971

Signed-off-by: rmartinc <rmartinc@redhat.com>

lala
 2025-10-07 13:01:00 +02:00
Martin Kanis
a493213ad4 Hide read-only email attribute in update profile context with update … …email enabled (#43024) 
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 12:52:55 +02:00