mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,779 Commits 20 Branches 287 Tags
nightly
Commit Graph

159 Commits

Author SHA1 Message Date
Stian Thorgersen
6bcbd5ab59 Clear classes loaded on the server side for run-on-server when a new execution happens (#44909) 
Closes #44908

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-16 10:25:39 +01:00
Lukas Hanusovsky
e8c6a7b98d [Test Framework] Migrate initial WebAuthn setup + WebAuthnRegisterAndLoginTest. (#44016) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-12-15 15:01:42 +01:00
Václav Muzikář
da6c4df5ec Support EDB 18 (#44856) 
* Support EDB 18

Closes #44494

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Update test-framework/db-edb/container/README.md

Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-12-15 07:36:26 +01:00
Stian Thorgersen
d25a731ae5 Fix Chrome and Firefox in new test framework on GitHub Actions (#44804) 
Closes #44776

Signed-off-by: stianst <stianst@gmail.com>
 2025-12-10 12:22:47 -03:00
Martin Kanis
5ee4cb5157 Fix for missing object representation in admin event log when deleting user, group, client (#43620) 
* Fix for missing object representation in admin event log when deleting user, group, client

Closes #33009

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>

* Fix issues and add role representation when deleting a role

Closes #33009

Signed-off-by: Martin Kanis <mkanis@redhat.com>

---------

Signed-off-by: jwozniakowski <wozniakowski@netguardians.ch>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: jwozniakowski <wozniakowski@netguardians.ch>
 2025-12-09 12:32:18 +01:00
Sebastian Schuster
b5178a2bec Added section on recommended isolation level to db guides 
Closes #44611

Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-05 14:48:31 +01:00
rmartinc
ae7e7ba084 New Identity Provider condition for client policies 
Closes #44442

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-03 08:50:31 +01:00
Giuseppe Graziano
2b4855ff97 Executor for checking claims in JWT assertions (#44537) 
Closes #4443


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-12-01 11:07:42 +01:00
stianst
f6676ccd76 Migrate i18n package to new testsuite 
Closes #44520

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-28 08:56:11 -03:00
Stian Thorgersen
33b6065c2a Introduces a ManagedWebDriver to provide a single entry point for utilities around WebDriver 
This will make it easier to discover various utilities without having to find static methods in various classes; and will also provides us with a wrapper around Selenium where we can add any tweaks needed. It is also now possible to construct a page instance without injection using `page().createPage(MyPage.class)`

Closes #44464

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-26 15:20:23 +01:00
mposolda
cbb823bc0e Make sd-jwt key binding verification work with EdDSA keys 
closes #44369

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-26 14:44:29 +01:00
rmartinc
d0e4d1f620 Better events for jwt-bearer and check all details in the tests 
CLoses #44137

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-26 12:09:51 +01:00
rmartinc
ca205272ba Initial integration of the JWT Authorization Grant in client Policies 
Using the downscope executor for testing
Closes #44201

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-24 19:37:07 +01:00
Stian Thorgersen
2a78bc67d7 Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
Stian Thorgersen
271fdfcf0f Restore KeycloakServerConfigBuilder to use single --features and --features-disabled arguments (#44322) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-11-19 20:45:06 +01:00
Stian Thorgersen
c089a3a6fe Add support to use kcw with remote test server 
Closes #44312

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-19 20:43:42 +01:00
Giuseppe Graziano
3e8b2f8ab7 New JWT Authorization Grant Identity provider (#44176) 
Closes #43570

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-19 09:18:23 +01:00
Stian Thorgersen
c284f9ae66 Rename ApiUtil to AdminApiUtil (#44224) 
Closes #44196

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:52:04 +01:00
Stian Thorgersen
a2c1055f8d Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
stianst
8dce1eff15 Migrate keys package to new test framework 
Closes #44118

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-13 10:19:53 -03:00
Šimon Vacek
6926ef83f9 Test framework support for remote databases (#43609) 
Part of #41940

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-11-11 07:59:33 +01:00
Martin Bartoš
1f9694358f Ability to enable/disable feature via single property (#43542) 
* Ability to enable/disable feature via single property

Closes #43541

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Provide support for specifying profile preview

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove duplication check, use the new WildcardOptionUtil

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Create quarkus specific single profile config resolver

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove the feature profile capability for single feature option

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-07 13:35:39 +01:00
Lukas Hanusovsky
768cea1b82 Add FIPS suite to the new tests (#43431) 
* Add FIPS test suite to the new tests

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Tweaks to FIPS suite in new test

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2025-11-06 14:08:19 +01:00
Martin Bartoš
75fcf11a1b Separate HOW_TO_RUN.md file for the new testsuite (#43860) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-03 15:41:01 +01:00
Václav Muzikář
9c86eae7ed Initial Client API v2 impl (#43395) 
Closes #43224

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-11-03 14:31:54 +01:00
Stian Thorgersen
d0a7225b3d Allow CORS Access-Control-Allow-Headers customization (#43767) 
Closes #12682

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-03 06:39:44 +00:00
rmartinc
f92adda310 Improve JWT Assertion Validation using client validators 
Closes #43642

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 11:58:08 +01:00
Pedro Ruivo
e40c5de050 Session cache affinity 
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 21:01:09 +00:00
Stian Thorgersen
be6a3814fb Add CORS support to OIDC dynamic client registration endpoints (#43625) 
Closes #8863

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-30 12:12:08 +01:00
Tomáš Kyjovský
4c64b7189c Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Giuseppe Graziano
759e062131 JWT Authorization grant client configuration (#43685) 
closes #43567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-29 08:45:51 +01:00
Stian Thorgersen
f6ac64907d SPIFFE should support OIDC JWK endpoint (#43651) 
Closes #43650

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-22 15:19:56 +02:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
vramik
e4dc88de13 [FGAP] Make additional rest endpoints respect permissions 
Closes #40058

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-08 08:47:22 -03:00
Stian Thorgersen
ab7939f33a Add support for spiffe_refresh_hint to Spiffe Identity Provider (#43242) 
Closes #42806

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-07 14:00:46 +02:00
Šimon Vacek
ae7c2d29e8 [Test Framework] Ability to run Keycloak test server with HTTPS (#42616) 
* Ability to run Keycloak test server with HTTPS

Closes: #34486

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/CoreTestFrameworkExtension.java
#	test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/CoreTestFrameworkExtension.java

* PR review fixes

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Split keystore into truststore and keystore

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-10-06 12:56:51 +02:00
Lukas Hanusovsky
64ffb3a83f [Test Migration] New testsuites: Clusterless, Multisite, VolatileSessions, migrated test: SessionTest 
Closes #35391
Closes #35393
Closes #42619

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-10-03 19:23:15 +02:00
Stian Thorgersen
dbd516f8e6 Refactor SimpleHttp to make it injectable and usable outside server (#42936) 
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-29 08:37:05 +02:00
Václav Muzikář
b65a60e40d Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00
Pedro Ruivo
47f85631f3 Automatically create external caches for MULTI_SITE deployments 
Closes #32129

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-19 18:56:38 +02:00
Stian Thorgersen
37a99154a5 Refactor and improve tests for federated client authentication (#42720) 
Closes #42718

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-18 09:30:01 +00:00
Lukas Hanusovsky
d9b4bd047f [Keycloak Test Framework] Infinispan cache + ClusterlessTestSuite configuration (#42172) 
* [Keycloak Test Framework] Infinispan server + ClusterlessTestSuite and MultisiteTestSuite configuration

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Utilise ClientIntelligence.BASIC to ensure that internal docker IPs
never used by Infinispan client

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Code refactoring + properties utility

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-09-17 07:13:11 +00:00
Pedro Igor
58990a5544 Add a policy condition based on user attributes 
Closes #42118

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-09 12:07:59 -03:00
mposolda
5a05d2123e Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie 
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-09 11:05:19 +02:00
Lukas Hanusovsky
de50a15a2f Test framework - Fix for wrongly placed custom KeycloakServerConfig (#42422) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-09-08 11:23:46 +02:00
Steven Hawkins
05c7c625d3 fix: don't show the local access screen if a service account exists (#42218) 
closes: #42201

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 18:22:31 +02:00
Stian Thorgersen
320ea5a9a7 Experimental SPIFFE identity provider (#42314) 
Closes #42313

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-04 14:48:18 +02:00
stianst
57242d2497 Experimental federated client authentication 
Closes #42228

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-02 10:02:51 -03:00
Alexander Schwartz
ca1e61047a Adding TiDB dialect for Quarkus 
Closes #41897

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Co-authored-by: Dennis Kniep <kniepdennis@gmail.com>
 2025-08-26 17:44:45 -03:00
Šimon Vacek
42520d8409 Refactor test database config in the new framework (#41320) 
* Refactor test database config in the new framework

Closes #41319

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	tests/base/src/test/java/org/keycloak/tests/db/CaseSensitiveSchemaTest.java
#	tests/base/src/test/java/org/keycloak/tests/db/PreserveSchemaCaseLiquibaseTest.java

* Moved test method to the abstract class

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Conform to conventions

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* Add lifecycle class to custom DBs to prevent containers with re-use from running after tests

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-08-15 09:29:08 +02:00