Commit Graph

1199 Commits

Author SHA1 Message Date
Pedro Ruivo eafe08a73a Create CacheEmbeddedConfigProvider
Closes #38497

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-28 13:00:53 +02:00
mposolda 4e95bde179 Avoid using password policy for configuration of recovery codes warning threshold
closes #39214

Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-28 10:06:01 +02:00
Garth 2c06078484 Added ThemeManagerSpi and ported DefaultThemeManagerFactory to use it.
Closes #38433.

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>

Moved ThemeManagerSpi and ThemeManagerFactory to server-spi-private. Marked internal. Added to org.keycloak.provider.Spi file

Signed-off-by: Garth <244253+xgp@users.noreply.github.com>
2025-04-25 09:35:10 +02:00
Marek Posolda 025b2ba442 Introducing IdpLinkAction as AIA to replace client-initiated account linking (#38952)
closes #37269
closes #35446

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2025-04-17 13:20:05 +02:00
Pedro Ruivo 636fffe0bc Create CacheRemoteConfigProvider (#38570)
Closes #38496

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2025-04-16 17:08:43 +02:00
Michal Hajas 4dc4de7c12 Remove CACHE-EMBEDDED-REMOTE-STORE experimental feature
Closes #34160

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2025-04-16 12:01:55 +00:00
Vlasta Ramik 367c76417e Change IDENTITY_PROVIDER_LOGIN and its ERROR to be saved by default (#38825)
Closes #38824

Signed-off-by: vramik <vramik@redhat.com>
2025-04-14 09:23:44 -03:00
Pedro Igor e68e43cbc8 Cache resource names associated to policies to improve partial evaluation
Closes #38837

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-10 19:50:26 +02:00
vramik fcd4e2bfff Client 'admin-permissions' doesn't have protocol set.
Closes #38765

Signed-off-by: vramik <vramik@redhat.com>
2025-04-09 13:41:14 -03:00
Pedro Igor ae88d7921f Improvements to partial evaluation
Closes #38732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-09 18:15:28 +02:00
Pedro Igor be880ae204 Do not cache partial results when FGAP is enabled
Closes #38705

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-08 08:22:22 +02:00
Pedro Igor 8521b9952a Export failing if the realm has FGAP enabled
Closes #38695

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 18:47:44 +02:00
Pedro Igor 87430fc181 Add impersonate-members scope to group resource type
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:56:27 +00:00
vramik 6488890585 [FGAP:V2] remove configure scope from Client resource type
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
2025-04-07 07:05:02 -03:00
Stefan Guilhen c4c3e2eee6 Allow redirection to idp when user email matches any of the org domains
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>

Closes #33804
2025-04-04 11:28:04 -03:00
Pedro Igor dbb0179a93 Aligning partial evaluation with the outcome from regular evaluations
Closes #38626

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 12:07:30 -03:00
rtufisi 134437a5a7 Create recovery keys in user storage or local (#38446)
closes #38445

Signed-off-by: rtufisi <rtufisi@phasetwo.io>
2025-04-03 10:09:48 +02:00
Giuseppe Graziano 50fef70f14 Change cookie type for KC_AUTH_SESSION_HASH
Closes #38417

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-04-03 08:45:31 +02:00
rmartinc a10c8119d4 Define a max expiration window for Signed JWT client authentication
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 18:32:54 +02:00
mposolda a978d8b56b Better handling of incorrect roleName in KeycloakModelUtils.getRoleFromString
closes #38579

Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-02 09:53:58 +02:00
Pedro Igor 61cb0acbc4 Fixing inconsistencies when evaluating permission in the evaluation tab
Closes #38498

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Steven Hawkins 06e0885f46 fix: adds back reporting of non-ip client addresses (#37797)
closes: #36843

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Stefan Guilhen e694065aed Use UserModel.isFederated() instead of comparing federation link to null
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #38137
2025-03-27 08:11:14 -03:00
Pedro Igor 78aa8b486f User not visible when permission with different scope exists
Closes #38369

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Pedro Igor 75651ff5c0 Partial evaluation processing only permissions with scope view
Closes #38436

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-27 08:01:04 -03:00
Yoshiyuki Tabata 08bac045be Raising an event when a ClientPolicyException is caught #38366
Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2025-03-27 10:41:21 +01:00
rmartinc 01950fde6f AgePasswordPolicy should not check password for registration
Closes #38331

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-26 18:45:51 +01:00
Giuseppe Graziano 0d5346e8ca Add broker session id in IDENTITY_PROVIDER_LOGIN event
Closes #34720

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-03-26 16:18:12 +00:00
Ricardo Martin 19f9331e88 Re-add messages for recovery codes credential in the account console
Closes #38381

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-26 16:05:39 +01:00
Pedro Igor 26c90f369f Support for partial evaluation for clients
Closes #38393

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-25 09:04:12 -03:00
Pedro Igor 1c57035d41 Support partial evaluation for the group resource type
Closes #38273

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-24 11:49:53 -03:00
vramik a72d15b857 PartialEvaluator ignores view-* and manage-* roles
Closes #38284

Signed-off-by: vramik <vramik@redhat.com>
2025-03-24 08:30:59 -03:00
Laurids Møller Jepsen 8f7c1871a7 Add client OIDC configuration for setting the header type in access tokens.
If this setting is On, the access token header type will be "at+jwt" in compliance with RFC 9068, see https://datatracker.ietf.org/doc/html/rfc9068#section-2.1. If the setting is Off, the access token header type will be "JWT". The setting is Off by default.

Closes #36696

Signed-off-by: Laurids Møller Jepsen <laurids.jepsen@cryptomathic.com>
2025-03-24 10:35:41 +01:00
Sebastian Rose 4fb1c41155 Sending Mails via SMTP and XOAUTH2 authentication mechanism
Closes #17432

Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>
2025-03-21 10:12:18 +01:00
Pedro Igor ed809d7884 Filtering not working when using view-member permission with a permission that denies access to a resource
Closes #38304

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-20 17:06:51 -03:00
mposolda 45344ef65f User session lookup optimization and fixes
closes #37662

Signed-off-by: mposolda <mposolda@gmail.com>
2025-03-20 12:39:50 +01:00
Alexander Schwartz c9b88c6bf6 Finalizing release notes and documentation for initial rolling update
Closes #38168

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-19 21:34:09 +01:00
Pedro Igor a4000575a4 Initial support for partial evaluation
Closes #38085

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-19 13:30:52 -03:00
Pedro Ruivo 46bbe073fb SPI for compatibility metadata
Closes #36786

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-17 16:48:24 +00:00
vramik 91b0b0cb79 Fix javadoc for KeycloakModelUtils.findUserByNameOrEmail
Closes #37922

Signed-off-by: vramik <vramik@redhat.com>
2025-03-14 09:32:15 -03:00
Pedro Igor 70114e249a Fix showing resource display name when listing permissions
Closes #38027

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-03-13 13:05:15 -03:00
vramik 872a691757 Remove permissions and resources when their corresponding objects are deleted
Closes #37242

Signed-off-by: vramik <vramik@redhat.com>
2025-03-11 14:58:03 -03:00
Jakob Overrein aec62803c7 Allow users, roles, and groups to be created in a specified DN relative to the parent DN
The new field introduced will prefix the parent DN as a relative path and allow created items to be placed in a subtree instead of the parent DN.

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Giuseppe Graziano 0b3cfde860 Support revocation for standard token exchange
Closes #37120
2025-03-10 15:02:09 +01:00
Alexey Markevich 44956e10d0 Not email password policy provider: case insensitive comparison
Closes #34989

Signed-off-by: Alexey Markevich <buhhunyx@gmail.com>
2025-03-06 14:51:40 +00:00
Martin Kanis f41ee2fdc6 Add Role resource type and its scopes to authorization schema
Closes #35565

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2025-03-06 09:09:35 -03:00
rmartinc 4f161001ce Improve events handling for TE
Closes #37693

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-05 08:35:02 +01:00
mposolda 73cfd9cc80 Polishing of token-exchange features. Remove TOKEN_EXCHANGE_FEDERATED_V2 and TOKEN_EXCHANGE_SUBJECT_IMPERSONATION_V2
closes #37367

Signed-off-by: mposolda <mposolda@gmail.com>
2025-03-03 17:32:17 +01:00
Pedro Igor 77ef5ff795 Returning the denied scopes and the friendly name for resources
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-27 14:12:45 -03:00
Martin Bartoš 2379dd8202 Suppress info message about mapper config synchronizer (#37625)
Closes #37624

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-27 10:34:00 +01:00