Commit Graph

26590 Commits

Author SHA1 Message Date
Steven Hawkins
bfbee09767 fix: disabling CRDTest (#44044)
closes: #43980

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-11-07 17:16:41 +00:00
Ricardo Martin
ff09872db0 Use back keycloak-js instead of initiate login in the backend for account
Closes #40463


(cherry picked from commit 360ff7050c)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-03 13:50:11 +01:00
Alexander Schwartz
5995815bcc Fixing tests
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-27 08:39:09 -03:00
Alexander Schwartz
76f2e85b1e Role mapper should check if an update is needed for the role
Closes #43698

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-27 08:39:09 -03:00
Martin Bartoš
2d6feb1788 Upgrade to Quarkus 3.15.7 LTS (#42899)
Closes #42898

Closes #42491

Closes #42492

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-10-06 16:15:32 +02:00
Pedro Ruivo
92d9fcfbac Restarting a user session broken for persistent sessions
Fixes #43161

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-10-03 19:27:57 +02:00
Alexander Schwartz
17f0f969b7 Disable Secure Client-Initiated Renegotiation by default
The parameter -Djdk.tls.rejectClientInitiatedRenegotiation=true disables Secure Client-Initiated Renegotiation in Keycloak to resolve a potential DoS vulnerability. Note this is applicable only to TLS 1.2.

Closes #43020

Signed-off-by: Erasure5959 <154384607+Erasure5959@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Erasure5959 <154384607+erasure5959@users.noreply.github.com>
2025-10-02 14:47:26 -03:00
Alexander Schwartz
716d0a13fd Avoid invalidating the realm when managing client initial access
Closes #42922

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-09-26 12:54:55 +02:00
Alexander Schwartz
865853c365 Avoid double submit on opt login form
Closes #36012

(cherry picked from commit cc4691a3fc)

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Co-authored-by: Christian Ja <christian.janker@gmx.at>
2025-09-19 11:24:38 -03:00
Alexander Schwartz
63a5aee682 Handle already existing user session in the store
Closes #40374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-11 17:10:06 +02:00
Martin Bartoš
d531377dd8 ExternalLinks are broken in documentation
Closes #41491

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-09-11 15:19:30 +02:00
Ricardo Martin
491ec37376 Add User_agent header for documentation links checker
Closes #42164

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
(cherry picked from commit 93791f67fb)
2025-09-11 15:19:30 +02:00
Pedro Ruivo
090f8ffa80 [26.0] ClientSession timestamp not updated in the database
Closes #42012

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-09-10 20:32:57 +02:00
mposolda
ebdfe4cd3f Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 5a05d2123e)
2025-09-09 17:09:40 +02:00
Manuel Schallar
8e8072d57a Use optional realm attribute for request param max size/number (#25007)
closes #25006

Enable fail-fast toggle for additional request parameter parsing
Enable configuration of an overall size of additional request parameters

Everything is backwards compatible. No configuration necessary when upgrading.

Signed-off-by: Manuel Schallar <manuel.schallar@prime-sign.com>
Co-authored-by: Manuel Schallar <manuel.schallar@prime-sign.com>
(cherry picked from commit 7e08b095a3)
2025-09-09 17:09:40 +02:00
Alexander Schwartz
41f3bb57b5 Avoid removing client sessions before the user session times out
As the client session timeout can be overwritten on a per client level, the realm level timeout can not be used to remove client sessions early.

Closes #35825

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-08 16:37:55 -03:00
Václav Muzikář
34f4efbd1c Upgrade to Quarkus 3.15.6.2
Closes #42246

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-08-29 21:07:16 +02:00
Steven Hawkins
b1f3422fe5 Backport 42151 26.0 (#42237)
* fix: adding docs about Keycloak CR security (#40260) (#40322)

closes: #40188


(cherry picked from commit f8ba9d3429)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: expands our warnings/notes around placeholder usage (#42151) (#42233)

addresses CVE-2025-9162

closes: #42046


(cherry picked from commit e891336167)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-08-29 15:59:24 +02:00
Marek Posolda
bfcc03ca77 fix: avoid double-submission in password change and recovery code screens
closes #39759

(cherry picked from commit f692add5ae)

Signed-off-by: Jackie Weng <jweng@linz.govt.nz>
Co-authored-by: Jackie Weng <120340761+jackie-linz@users.noreply.github.com>
2025-08-22 14:42:29 +02:00
Pedro Igor
89b01c9304 Remove authentication session when deleting the account
Closes #38671

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
(cherry picked from commit 86a1e9d209)
2025-08-22 08:55:09 -03:00
Martin Bartoš
df3b4235b7 Upgrade to Quarkus 3.15.6.1 (#41367)
Closes #41366

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-08-20 09:47:57 +02:00
Ricardo Martin
a04cef816d Upgrade angus mail to 2.0.4
Closes #41808

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit facffa36cc)
2025-08-19 09:52:15 +02:00
rmartinc
dad939bed3 Use Optional instead of getOrDefault for settings in testSMTPConnection
Closes #41643

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit a58556d761)
2025-08-12 11:20:56 +02:00
mposolda
d46f3bc38a Getting error 405 'Method Not Allowed' when calling the 'certs' endpoint with HEAD method
closes #41537

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 2dab73063d)
(cherry picked from commit 7a9c0d3290c84f215fcf020e2fe22472d897b898)
2025-08-01 10:45:10 +02:00
Stefan Guilhen
4f26a92d86 use user and client from form when on the events section (#35098) (#40389)
fixes: #35048


(cherry picked from commit c19c3c80cc)

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2025-07-23 14:06:08 -04:00
mposolda
f63a870c76 Add option 'Requires short state parameter' to OIDC IDP
closes #40237

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 274afa88fa)
2025-07-14 08:43:44 +02:00
Ricardo Martin
a404585f47 Remove /etc/system-fips file before executing fips-mode-setup
Closes #41038


(cherry picked from commit e631ef4f92)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-07-10 18:23:52 +02:00
Steven Hawkins
6a6e35bddf fix: switching to the registry addon for olm testing
closes: #40099

(cherry picked from commit eb96b4a59f)
(cherry picked from commit 9e6e9e37c4)

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-06-28 10:16:32 +02:00
rmartinc
eab83b40d5 Disable email verification when email manually changed by idp review
Closes #40446

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 86f0a7864f)
2025-06-27 16:26:01 +02:00
Ricardo Martin
718505eadb Copy restored maven repo to home folder in Windows
Closes #40593

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-26 20:05:21 +02:00
Alexander Schwartz
689265fa94 Removing the Windows optimization as it is currently unstable
Closes #40583

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-06-26 20:05:21 +02:00
Ricardo Martin
0892ba363a Create the links correctly for the maven repository in windows
Closes #40339


(cherry picked from commit 6fe14c7044)

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-10 11:01:13 +00:00
Alexander Schwartz
20dcb4f4f7 added DCL pattern implementation for TransformerUtil
Closes #40030

Signed-off-by: Anchels <mishtitov@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Anchels <42744001+Anchels@users.noreply.github.com>
2025-06-06 10:06:29 -03:00
Martin Bartoš
8cff835c30 Upgrade to Quarkus 3.15.5 (#39842)
Closes #39839

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-05-27 15:01:14 +02:00
Pedro Ruivo
28c215a13b Add example with TCPPING discovery protocol to documentation (#39873)
Closes #39871

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2025-05-27 10:07:28 +02:00
rmartinc
7ac6096269 Only reuse SMTP authentication data for testing endpoint when the same auth, host, port and user are passed
Closes #39486

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 598154bc58)
2025-05-22 14:05:56 +02:00
mposolda
0ad29a0844 Fix documentation link to quickstarts to point to 'main' branch instead of 'latest' branch
closes #39798

Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit fe2790a09d)
2025-05-19 10:55:22 +02:00
Alexander Schwartz
20d272304b Lazily process sessions from ISPN to avoid fetching client sessions
Closes #39638

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 16:54:56 +02:00
Alexander Schwartz
0628eedca1 More eagerly clear references to client sessions from the user session
Closes #39651

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 16:53:49 +02:00
Alexander Schwartz
21b59abafe Fix list design (#39601)
Closes #39600

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-13 11:43:46 +02:00
Ricardo Martin
2c351a3e7e Disable social links after being clicked (#39031)
Closes #35278

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 3969c40f61)
2025-05-13 09:54:19 +02:00
Pedro Ruivo
1f6851e546 Patch kubernetes stack with port_range=0
Fixes #39023

Fixes #39454

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2025-05-09 21:46:24 +02:00
rmartinc
a343af90dd Return user session started time when client note is missing for offline
Closes #39021

Signed-off-by: rmartinc <rmartinc@redhat.com>
(cherry picked from commit 11b032f9cd)
2025-05-07 11:14:50 +02:00
Michal Hajas
1aa80ab6d1 Fix outdated link to Infinispan docs
Closes #39225

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-05-05 14:36:01 +02:00
Ricardo Martin
4defcac93f Partial backport of #34980 to upgrade creaper and https initialization for eap8 and wildfly
Closes #39319

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-30 12:50:38 +00:00
Miquel Simon
cb76ceb47b Added support for Nexus 3 repositories
Closes #34136


(cherry picked from commit 602604459d)

Signed-off-by: Miquel Simon <msimonma@redhat.com>
2025-04-30 12:09:25 +00:00
Stian Thorgersen
35b29bb6d2 Adapt fake_fips for kernel 6.11 (#248)
Closes #39125

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-04-24 14:10:08 +02:00
mposolda
b329e6e79a Make sure Cancel AIA does not remove required action from user
Signed-off-by: mposolda <mposolda@gmail.com>
(cherry picked from commit 5e0915854348c9cb95519d5d2d04b41ee97605db)
2025-04-24 11:44:46 +02:00
Steve Hawkins
f835f49065 fix: remove ANY mode modification of truststores
also note that ANY should not be used in production

closes: CVE-2025-3501

Add a test for the error (#1)

Signed-off-by: Ricardo Martin <rmartinc@redhat.com>

Update docs/guides/server/keycloak-truststore.adoc

Co-authored-by: Marek Posolda <mposolda@gmail.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-04-24 11:44:33 +02:00
Venelin Cvetkov
4ae7d60784 Add config param disableTypeClaimCheck in order to validate external tokens without typ claim
Closes #33332

Signed-off-by: Venelin Cvetkov <venelin.tsvetkov@gmail.com>
(cherry picked from commit d388dc7936)
2025-04-17 15:11:25 +02:00