mirrors/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-25 16:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 24 Branches 291 Tags
main
Commit Graph

333 Commits

Author SHA1 Message Date
Alexander Schwartz
dd0214bc78 Do not use whitelist/blacklist in the UI 
Closes #45539

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 11:12:23 +01:00
Pedro Igor
c8a41dea99 Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-19 08:30:47 -03:00
rmartinc
07b9b9656b Allow client_id as an audience in the JWT Authorization Grant and Client Assertions 
Closes #45178

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-16 15:48:28 +01:00
Ruchika Jha
e2e11a3b8e Hide Remember Me session settings when Remember Me is disabled in realm settings edit page in UI 
Closes #44973

Signed-off-by: Ruchika <ruchika.jha1@ibm.com>
Signed-off-by: Ruchika Jha <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-15 16:46:50 +00:00
Pedro Igor
ab351170b4 Support aggregated policies during partial evaluation 
Closes #45324

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:20:52 +01:00
Pedro Igor
37ff64446b Allow hide organization brokers when the user does not map to any organization during login 
Closes #45422

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:19:43 +01:00
Pedro Igor
cca5ef44fa Updating the documentation 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-13 16:42:07 -03:00
Giuseppe Graziano
23aad2a942 DPoP Guide (#45274) 
Closes #42747

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-13 11:01:28 +01:00
Pedro Igor
c33d94da65 Allow admins with any admin role to map roles if the constraints apply 
Closes #44371
Closes #45182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-12 12:56:30 -03:00
Stan Silvert
eb77c055f5 Clarify documentation. 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:36:10 -03:00
mposolda
1273c8db0e DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post 
closes #44403

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-12 09:54:04 +01:00
Pedro Igor
0d5766f3a8 Allow running scheduled workflows 
Closes #44865

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 13:03:47 -03:00
Pedro Igor
3c0b308bb7 Document limitations when updating workflows 
Closes #45134

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 14:10:03 +01:00
Stefan Guilhen
43634dd2ed Update docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Stefan Guilhen
9865791084 Fix wrong provider references in workflows documentation 
Closes #45077

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Stefan Guilhen
0d09f755f1 Fix wrong event names in workflows documentation (#45002) 
Closes #45001

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-19 13:01:20 -05:00
Ricardo Martin
efc75f09b0 Fix link to https://azure.microsoft.com/en-us (#45036) 
Closes #45023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-19 12:27:05 +01:00
Pedro Igor
7512a0412b wip - workflows doc (#44685) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2025-12-18 07:52:41 -05:00
Palpable
94ee6d81fb [OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765) 
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-12-16 14:46:17 +01:00
Christian Glasmachers
921b10ee80 Login failure cache: Evict entries after the configured failure reset time 
Closes #44801

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-12-10 11:20:19 +01:00
rmartinc
c9686cc040 Documentation for JWT Authorization Grant 
Closes #44136

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-09 12:13:21 +01:00
vramik
5dbc91e028 Deprecate Fine-Grained Admin Permissions v1 
Closes #44121

Signed-off-by: vramik <vramik@redhat.com>
 2025-12-08 10:26:27 -03:00
Alexander Schwartz
2f81a2fb76 Updating and ordering the release notes 
Closes #44706

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-12-08 10:55:33 +01:00
Pascal Knüppel
46e5979b17 [OID4VCI] Handle key_attestation_required in metadata endpoint (#44471) 
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
 2025-12-05 16:00:32 +01:00
forkimenjeckayang
4dd68c0316 [OID4VCI] Conformance Test Fixes (#44439) 
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-12-04 09:03:38 +01:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-11-28 14:24:32 +01:00
Alexis Rico
b0b38176f0 Manage Organization Invites 
Closes #38809

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-27 10:28:52 +01:00
Awambeng
8406cf34fb [OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834) 
Closes #43399


Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-11-24 11:07:07 +01:00
Sebastian Łaskawiec
081d8e5a01 Move Kubernetes IdP to preview 
Closes #42947

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-22 12:56:09 +01:00
Stian Thorgersen
2a78bc67d7 Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
Pedro Ruivo
13ef89664c More accurate user session expiration logic 
Closes #44204

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-19 21:06:17 +01:00
Alexander Schwartz
15a9a36569 Align formatting of referenced RFCs 
Closes #44246

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-11-17 21:30:13 +01:00
Alexander Schwartz
167249dd6c Updating the specifics around kubernetes service accounts 
Closes #44064

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-17 11:23:39 +01:00
Ricardo Martin
20f9bb1570 Fix recaptcha links to the new docs.cloud.google.com site 
Closes #44187

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 09:37:54 +01:00
Chance Coleman
b2317dabdc Add configurable HTTP retry mechanism for OCSP validation (#42535) 
Closes #42401


Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
 2025-11-13 13:21:13 +01:00
Sebastian Łaskawiec
3288f83dc9 Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator 
Closes #42983

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-13 08:52:46 +01:00
Ricardo Martin
de49500393 Client policy to enforce only downscoping in Token Exchange (#44030) 
Closes #43931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 08:48:42 +01:00
KONSTANTINOS GEORGILAKIS
1c0d4616a5 hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:26:12 +00:00
蔡秀吉
e84a1d6363 Fix typos and formatting in OIDC auth flows documentation 
Closes #43818

Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com>
 2025-11-01 19:14:41 +00:00
Alexander Schwartz
aadffb94fb Fix typo in LDAP edit mode in the docs 
Closes #43720

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-27 08:42:44 -03:00
Pedro Igor
6527b139dc Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:33 +02:00
Pedro Igor
2b785425fa Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 08:02:05 -03:00
Stian Thorgersen
f6ac64907d SPIFFE should support OIDC JWK endpoint (#43651) 
Closes #43650

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-22 15:19:56 +02:00
Alexander Schwartz
7b8626ead5 Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:58 +02:00
Martin Kanis
3f70da04f6 Final review and update for UPDATE_EMAIL documentation 
Closes #42991

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-16 09:57:23 -03:00
Giuseppe Graziano
bda0e2a67c Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-14 15:00:41 +00:00
mposolda
c2e49c8c59 'Service accounts roles' should be 'Service account roles' 
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 11:25:37 +02:00
Martin Kanis
a493213ad4 Hide read-only email attribute in update profile context with update … …email enabled (#43024) 
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 12:52:55 +02:00
Pedro Igor
a3db07a8f5 Re-adding max age setting to the update email action (#43036) 
Closes #43035

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-30 05:31:23 +02:00
Vinod Anandan
f001b9dde1 Trigger Build. 
Signed-off-by: Vinod Anandan <vinod@owasp.org>
 2025-09-25 10:14:15 +02:00