Commit Graph

955 Commits

Author SHA1 Message Date
Pedro Igor
dbb0179a93 Aligning partial evaluation with the outcome from regular evaluations
Closes #38626

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 12:07:30 -03:00
Pedro Igor
61cb0acbc4 Fixing inconsistencies when evaluating permission in the evaluation tab
Closes #38498

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Alexander Schwartz
85737f52b5 Make access Token in user info endpoint bound to the dpop proof
Closes #38333

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-31 09:41:57 +02:00
Steven Hawkins
06e0885f46 fix: adds back reporting of non-ip client addresses (#37797)
closes: #36843

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Tero Saarni
c7f0fc7ac3 Support EC in PEM utils
This change adds

- Support for decoding EC private keys.
- Support for decoding certificate bundles.

Closes #38490

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2025-03-27 15:44:05 +01:00
Ricardo Martin
19f9331e88 Re-add messages for recovery codes credential in the account console
Closes #38381

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-26 16:05:39 +01:00
Thomas Richner
9920aa248e fixes incorrect JWK thumbprint computation
Closes #38394

Signed-off-by: Thomas Richner <thomas.richner@oviva.com>
2025-03-25 20:55:54 +01:00
Pedro Igor
77ef5ff795 Returning the denied scopes and the friendly name for resources
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-27 14:12:45 -03:00
mposolda
f03f511844 Polishing support for id-token in standard token exchange
closes #37113

Signed-off-by: mposolda <mposolda@gmail.com>
2025-02-19 14:44:29 +01:00
Pedro Igor
602df06191 Allows querying credential from user storage providers
Closes #35020

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-05 07:56:05 -03:00
Arthenice
c20f7e50c7 docs: update JavaDoc for ImportSynchronization
The JavaDoc for ImportSynchronization was wrongfully referencing the
UserStorageProvider instead of the UserStorageProviderFactory.

Closes #36834

Signed-off-by: arthenice <wistful.arthenice@gmail.com>
2025-01-28 12:13:19 +01:00
Stian Thorgersen
fc2b9018f1 Extend REST API for login and admin events to support sync scenarios (#36601)
Closes #36600

Signed-off-by: stianst <stianst@gmail.com>
2025-01-20 14:32:55 +01:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
vramik
0a632fdefa [FGAP] Add adminPermissionClientCheck to authorization services REST endpoints
Closes #35945

Signed-off-by: vramik <vramik@redhat.com>
2025-01-10 08:56:48 -03:00
Ingrid Kamga
206436fde9 Offload format-specific credential building to dedicated credential builder providers (#32951) (#35046)
Closes #32951

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-12-19 12:42:41 +01:00
Pedro Igor
93c1740538 Support for initial CRUD operations when managing admin permissions
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Closes #35987
2024-12-18 07:43:13 -03:00
Thomas Darimont
3cdbbc5b15 Add support for Initiating User Registration via prompt=create (#10701) (#35903)
Fixes #10701

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-12-16 19:54:52 +01:00
vramik
044807f162 [FGAP] Create new internal client which would hold the authorization objects for feature V2
Closes #34565

Signed-off-by: vramik <vramik@redhat.com>
2024-12-05 11:56:13 -03:00
Thomas Darimont
f61937f3d9 Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
vramik
440e81c8b9 Add a realm-level setting to enable FGAP to a realm
Closes #34920

Signed-off-by: vramik <vramik@redhat.com>
2024-11-19 09:59:34 -03:00
Awambeng
cfd187b0ff Introduce SdJwtFacade layer for simplified SD-JWT handling and enhance test coverage (#34915)
Closes #32955

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2024-11-15 15:20:10 +01:00
rmartinc
c1d4dad4dc Avoid MRJAR in keycloak-core
Closes #34630

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-15 15:16:56 +01:00
vramik
9050172448 [FGAP] First draft of Authorization Schema
Closes #34569

Signed-off-by: vramik <vramik@redhat.com>
2024-11-14 07:52:37 -03:00
Pedro Igor
d04f7900f5 added membershipType to members list and membership type filter
Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-12 09:13:18 -03:00
Marek Posolda
92d9ac6621 Update KEYCLOAK_SESSION cookie to not have sessionId in plaintext (#34551)
closes #34026

Signed-off-by: mposolda <mposolda@gmail.com>
2024-11-11 18:47:18 +01:00
rmartinc
e6ffc04cac Do not calculate thumbprints for certificates if not needed
Closes #34776

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-11 10:37:05 +01:00
Pedro Igor
0a05ba49d1 Adding a details map to admin events to store additional contextual data when the event is fired
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 17:19:43 -03:00
Robert Rieser
42fcc64bac issue-34013: Added a representation that includes an organization and user model, as well as included it in the event body for removing and adding of members to an organization
https://github.com/keycloak/keycloak/issues/34013

Signed-off-by: Robert Rieser <Robert.Rieser@degoya.studio>
2024-11-07 17:19:43 -03:00
Thomas Darimont
3315ea718a Add ability to enable OID4VCI Verifiable Credentials per realm (#34524)
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the nav if the "Verifiable Credentials" realm setting is enabled.

Fixes #34524

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Ingrid Kamga
c4d6979907 Scaffold verification of SD-JWT VP token (#29859) (#33752)
Closes #29859

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-10-25 14:49:25 +02:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-22 14:24:15 +02:00
Pascal Knüppel
41ee68611f Allow to create EC certificates if new EC-key-provider is created (#31843)
Closes #31842

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-10-17 16:05:59 +02:00
Thomas Darimont
40bdc902f0 Use account-console client for server-side auth check
Also generate PKCE verifier and use challenge parameters

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
729417b20a Use account-console client for server-side auth check
- Also generate PKCE verifier and use challenge parameters

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Ogen Bertrand
304da50efc Implement SdJwtVP.of(String) with enhanced error handling
This update includes validation for missing disclosures, duplicate disclosure digests, and malformed disclosure data, improving overall robustness and error handling during disclosure processing.

Closes #33020

Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
2024-10-07 16:40:54 +02:00
Maksim Zvankovich
35eba8be8c Add option to include the organization id in the organization claims
Closes #32746

Signed-off-by: Maksim Zvankovich <m.zvankovich@nexovagroup.eu>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-03 08:11:36 -03:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Stefan Guilhen
e7a4635620 Filter out org brokers from the account console
- org-linked brokers should not be available for login
- prepare the endpoint for search/pagination

Closes #31944

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-09-04 09:00:52 -03:00
mposolda
dad4477995 Remove keycloak-core and keycloak-crypto-default from SAML galleon feature pack and upgrade them to Java 17
closes #32586

Signed-off-by: mposolda <mposolda@gmail.com>
2024-09-03 15:58:57 +02:00
keshavprashantdeshpande
058c2717a0 Add setter for frontChannelLogoutSupported and frontChannelLogoutSessionSupported (#32532)
Closes #30178

Signed-off-by: keshavprashantdeshpande <vaidehidabir@gmail.com>
2024-09-02 12:18:01 +00:00
Erik Jan de Wit
776a491989 added organizations table to account (#32311)
* added organizations table to account

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-22 15:44:03 -03:00
Pedro Igor
eeae50fb43 Make sure federationLink always map to the storage provider associated with federated users
Closes #31670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-20 11:27:22 +02:00
Stefan Guilhen
f82159cf65 Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code.
Closes #32090

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-08-19 09:06:35 -03:00
mposolda
54a538b3ad Update RolePolicyRepresentation fields from 'boolean' to 'Boolean'
closes #32117

Signed-off-by: mposolda <mposolda@gmail.com>
2024-08-14 13:11:06 +02:00
rmartinc
2a06e1a6db Add SHAKE256 hash provider for Ed448
Closes #31931

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-08 17:36:54 +02:00
Justin Tay
966a454548 Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928)
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Pascal Knüppel
bf951a5554 Fix certificate creation with cross-keys (#31866)
fixes #31864

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-08-07 12:41:12 +02:00