Commit Graph

1069 Commits

Author SHA1 Message Date
Alexis Rico
c834e7473c Fix typo in consent scope)
* Deprecate `displayTest`

Closes #40786

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-07-07 16:38:47 +00:00
Douglas Palmer
a981f6b6d5 Access Token IDs have less than 128 bits of entropy
Closes #38663

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2025-06-26 16:48:03 +02:00
Douglas Palmer
1183157d86 Key generation for client authentication is always RSA 2048 with a 10-year validity, regardless of the selected algorithm
Closes #38620

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2025-06-25 08:15:43 +02:00
Pedro Igor
828f9f7916 Mark user as disabled if reaching max login failures and permanent lockout is enabled
Closes #40159

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-06-18 08:34:56 +02:00
Steven Hawkins
76bc9fadcb fix: adding a -- separator for spi options (#40005)
* fix: adding a -- separator for spi options

closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a warning for ambiguous spi options

also adding a note about the change

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc

* updating docs to the new format

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
#	docs/guides/high-availability/examples/generated/keycloak.yaml

* internally using the new spi options

also adding a deprecation notice

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* correcting options output

adding + + inlining where needed

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding test showing the env mapping with __

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-06-13 16:13:53 +02:00
Ricardo Martin
41110823c7 Integrate current auth-username-password-form authenticator with passkeys isConditionalMediationAvailable (#38781)
Closes #29596

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-06-05 08:53:00 +02:00
Thomas Darimont
04191e0c7a Add cpu info to serverinfo
Fixes #40208

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2025-06-05 00:07:17 +02:00
mposolda
ab7edb0d01 Introduce ExternalToInternalTokenExchangeProvider. Make it work with Google IDP using token-info endpoint instead of user-info endpoint
closes #40146
closes #40133

Signed-off-by: mposolda <mposolda@gmail.com>
2025-06-04 10:03:52 +02:00
Erik Jan de Wit
cbd0d18f6a add description to groups
fixes #39172

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-05-14 06:41:01 -04:00
Tetsuhiro Hiruta
10c0c8fa52 Add OpenAPI annotation to JSON object of ClientPolicy representations
Closes #32600

Signed-off-by: Tetsuhiro Hiruta <tetsuhiro.hiruta.sg@hitachi.com>
2025-04-29 09:41:16 +02:00
mposolda
4e95bde179 Avoid using password policy for configuration of recovery codes warning threshold
closes #39214

Signed-off-by: mposolda <mposolda@gmail.com>
2025-04-28 10:06:01 +02:00
Thomas Richner
80475e475b Fix JWK Subtypes failing when mapping JWK to PublicKey
Closes #38542

Signed-off-by: Thomas Richner <thomas.richner@oviva.com>
2025-04-28 09:36:54 +02:00
Pedro Igor
dbb0179a93 Aligning partial evaluation with the outcome from regular evaluations
Closes #38626

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-03 12:07:30 -03:00
Pedro Igor
61cb0acbc4 Fixing inconsistencies when evaluating permission in the evaluation tab
Closes #38498

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-01 11:40:27 -03:00
Alexander Schwartz
85737f52b5 Make access Token in user info endpoint bound to the dpop proof
Closes #38333

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-31 09:41:57 +02:00
Steven Hawkins
06e0885f46 fix: adds back reporting of non-ip client addresses (#37797)
closes: #36843

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/AbstractTokenExchangeProvider.java
#	services/src/main/java/org/keycloak/protocol/oidc/tokenexchange/StandardTokenExchangeProvider.java
2025-03-27 19:33:20 +00:00
Tero Saarni
c7f0fc7ac3 Support EC in PEM utils
This change adds

- Support for decoding EC private keys.
- Support for decoding certificate bundles.

Closes #38490

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2025-03-27 15:44:05 +01:00
Ricardo Martin
19f9331e88 Re-add messages for recovery codes credential in the account console
Closes #38381

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-03-26 16:05:39 +01:00
Thomas Richner
9920aa248e fixes incorrect JWK thumbprint computation
Closes #38394

Signed-off-by: Thomas Richner <thomas.richner@oviva.com>
2025-03-25 20:55:54 +01:00
Pedro Igor
77ef5ff795 Returning the denied scopes and the friendly name for resources
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-27 14:12:45 -03:00
mposolda
f03f511844 Polishing support for id-token in standard token exchange
closes #37113

Signed-off-by: mposolda <mposolda@gmail.com>
2025-02-19 14:44:29 +01:00
Pedro Igor
602df06191 Allows querying credential from user storage providers
Closes #35020

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-02-05 07:56:05 -03:00
Arthenice
c20f7e50c7 docs: update JavaDoc for ImportSynchronization
The JavaDoc for ImportSynchronization was wrongfully referencing the
UserStorageProvider instead of the UserStorageProviderFactory.

Closes #36834

Signed-off-by: arthenice <wistful.arthenice@gmail.com>
2025-01-28 12:13:19 +01:00
Stian Thorgersen
fc2b9018f1 Extend REST API for login and admin events to support sync scenarios (#36601)
Closes #36600

Signed-off-by: stianst <stianst@gmail.com>
2025-01-20 14:32:55 +01:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
vramik
0a632fdefa [FGAP] Add adminPermissionClientCheck to authorization services REST endpoints
Closes #35945

Signed-off-by: vramik <vramik@redhat.com>
2025-01-10 08:56:48 -03:00
Ingrid Kamga
206436fde9 Offload format-specific credential building to dedicated credential builder providers (#32951) (#35046)
Closes #32951

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-12-19 12:42:41 +01:00
Pedro Igor
93c1740538 Support for initial CRUD operations when managing admin permissions
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Closes #35987
2024-12-18 07:43:13 -03:00
Thomas Darimont
3cdbbc5b15 Add support for Initiating User Registration via prompt=create (#10701) (#35903)
Fixes #10701

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-12-16 19:54:52 +01:00
vramik
044807f162 [FGAP] Create new internal client which would hold the authorization objects for feature V2
Closes #34565

Signed-off-by: vramik <vramik@redhat.com>
2024-12-05 11:56:13 -03:00
Thomas Darimont
f61937f3d9 Prefer usage of StandardCharsets.UTF_8 over "UTF-8" charset reference
Fixes #35080

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 10:45:37 +00:00
vramik
440e81c8b9 Add a realm-level setting to enable FGAP for a realm
Closes #34920

Signed-off-by: vramik <vramik@redhat.com>
2024-11-19 09:59:34 -03:00
Awambeng
cfd187b0ff Introduce SdJwtFacade layer for simplified SD-JWT handling and enhance test coverage (#34915)
Closes #32955

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2024-11-15 15:20:10 +01:00
rmartinc
c1d4dad4dc Avoid MRJAR in keycloak-core
Closes #34630

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-15 15:16:56 +01:00
vramik
9050172448 [FGAP] First draft of Authorization Schema
Closes #34569

Signed-off-by: vramik <vramik@redhat.com>
2024-11-14 07:52:37 -03:00
Pedro Igor
d04f7900f5 added membershipType to members list and membership type filter
Signed-off-by: Agnieszka Gancarczyk <agagancarczyk@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-12 09:13:18 -03:00
Marek Posolda
92d9ac6621 Update KEYCLOAK_SESSION cookie to not have sessionId in plaintext (#34551)
closes #34026

Signed-off-by: mposolda <mposolda@gmail.com>
2024-11-11 18:47:18 +01:00
rmartinc
e6ffc04cac Do not calculate thumbprints for certificates if not needed
Closes #34776

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-11 10:37:05 +01:00
Pedro Igor
0a05ba49d1 Adding a details map to admin events to store additional contextual data when the event is fired
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 17:19:43 -03:00
Robert Rieser
42fcc64bac issue-34013: Added a representation that includes an organization and user model, and included it in the event body for removing and adding members to an organization
https://github.com/keycloak/keycloak/issues/34013

Signed-off-by: Robert Rieser <Robert.Rieser@degoya.studio>
2024-11-07 17:19:43 -03:00
Thomas Darimont
3315ea718a Add ability to enable OID4VCI Verifiable Credentials per realm (#34524)
- Added new realm property verifiableCredentialsEnabled
- Updated RealmRepresentation
- Guarded route to Oid4VCI page
- Add boolean switch to Realm settings page to control Verifiable Credentials enablement
- We now only show the Verifiable Credentials page in the navigation if the "Verifiable Credentials" realm setting is enabled.

Fixes #34524

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-11-04 14:58:30 +01:00
Ingrid Kamga
c4d6979907 Scaffold verification of SD-JWT VP token (#29859) (#33752)
Closes #29859

Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2024-10-25 14:49:25 +02:00
Gilvan Filho
c4005d29f0 add linear strategy to brute force
closes #25917

Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>
2024-10-22 10:33:22 -03:00
rmartinc
6d52520730 Load client keys using SubjectPublicKeyInfo and upload jwks type into the jwks attributes for OIDC ones
Closes #33820

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-10-22 14:24:15 +02:00
Pascal Knüppel
41ee68611f Allow creating EC certificates if a new EC-key-provider is created (#31843)
Closes #31842

Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2024-10-17 16:05:59 +02:00
Thomas Darimont
40bdc902f0 Use account-console client for server-side auth check
Also generate PKCE verifier and use challenge parameters

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Thomas Darimont
729417b20a Use account-console client for server-side auth check
- Also generate PKCE verifier and use challenge parameters

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-10-17 07:53:20 -03:00
Ogen Bertrand
304da50efc Implement SdJwtVP.of(String) with enhanced error handling
This update includes validation for missing disclosures, duplicate disclosure digests, and malformed disclosure data, improving overall robustness and error handling during disclosure processing.

Closes #33020

Signed-off-by: Ogenbertrand <ogenbertrand@gmail.com>
2024-10-07 16:40:54 +02:00
Maksim Zvankovich
35eba8be8c Add option to include the organization id in the organization claims
Closes #32746

Signed-off-by: Maksim Zvankovich <m.zvankovich@nexovagroup.eu>
Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-03 08:11:36 -03:00
vramik
c1653448f3 [Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link
Closes #33201

Signed-off-by: vramik <vramik@redhat.com>
2024-10-02 07:37:48 -03:00