Steven Hawkins
aa04ff8781
fix: adding checks around the hostname path ( #43193 )
...
closes : #43166
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2025-10-14 17:41:25 +02:00
Giuseppe Graziano
bda0e2a67c
Invalidate sessions created with remember me when remember me is disabled for realm
...
Closes #43328
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2025-10-14 15:00:41 +00:00
Stian Thorgersen
567a8ab93f
Cleanup changes made to JWTClientValidator after refactoring
...
Closes #43429
Signed-off-by: stianst <stianst@gmail.com >
2025-10-14 16:12:40 +02:00
Stian Thorgersen
5c5905fed3
Fix SPIFFE client authentication when iss claim is included ( #43428 )
...
Closes #43394
Signed-off-by: stianst <stianst@gmail.com >
2025-10-14 13:20:51 +02:00
Václav Muzikář
28749042c7
Fix Spotless checks ( #43418 )
...
Closes #43417
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
2025-10-13 20:16:27 +02:00
Peter Zaoral
f87b90339d
Stabilize PlainTextVaultProviderTest by enhancing validation logging ( #42014 )
...
Closes : #39660
Signed-off-by: Peter Zaoral <pzaoral@redhat.com >
2025-10-13 17:03:50 +00:00
rmartinc
248d6d1feb
Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround
...
Closes #43263
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-10-13 15:38:58 +02:00
Pedro Igor
fa581c8148
Allow passing a context to steps
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-10-13 09:53:30 -03:00
Pedro Igor
5b5a83b800
Moving WorkflowsManager and WorkflowStateSpi to server-spi-private module
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-10-13 09:53:30 -03:00
Stefan Guilhen
652270302d
Workflows code cleanup
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-10-13 09:53:30 -03:00
stianst
aedd7fe5db
Remove unused imports as part of #43233
...
Signed-off-by: stianst <stianst@gmail.com >
2025-10-13 13:32:01 +02:00
vramik
815d2d14d4
Check FGAP enabled before proceeding with evaluation
...
Closes #43331
Signed-off-by: vramik <vramik@redhat.com >
2025-10-10 15:44:01 -03:00
rmartinc
a19f4d00fc
Throw and catch UnsupportedOperationException to fix XPathAttributeMapperTest
...
Closes #43262
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-10-10 09:39:47 +02:00
Giuseppe Graziano
0bfb9079f2
Reject search for not allowed client attributes
...
Closes #42541
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2025-10-10 09:37:40 +02:00
mposolda
76d271bf00
openid-connect flow is missing response type on language change
...
closes #41292
Signed-off-by: mposolda <mposolda@gmail.com >
2025-10-10 08:38:32 +02:00
Pedro Igor
faa0ccbb7d
Automatically redirect based on login hint
...
Closes #42715
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-10-08 14:43:32 -03:00
vramik
e4dc88de13
[FGAP] Make additional rest endpoints respect permissions
...
Closes #40058
Signed-off-by: vramik <vramik@redhat.com >
2025-10-08 08:47:22 -03:00
Thomas Darimont
85afd62452
Use correct error response for missing assertions in Signed JWT Validation
...
* Ensure conformance for Signed JWT Validation (#43269 )
This re-adds the explicit client assertion parameter validation to produce the correct error responses required by RFC7523.
See: https://www.rfc-editor.org/rfc/rfc7523.html#section-3.2
The refactoring for the support for Federated JWT Client authentication broke the OIDF conformance tests for https://www.rfc-editor.org/rfc/rfc7523.html .
Fixes #43269
Fixes #43270
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com >
* Ensure conformance for Signed JWT Validation (#43269 )
Add additional tests for ClientAuthSignedJWTTest.
Fixes #43269
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com >
---------
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com >
2025-10-08 11:01:13 +02:00
rmartinc
9f9f5ae97a
Ensure events are fully filled before success is called
...
Closes #42914
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-10-07 17:06:26 +02:00
rmartinc
4476b44482
Use UserSessionUtil.findValidSessionForAccessToken in revocation endpoint
...
Closes #43218
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-10-07 16:49:08 +02:00
Stian Thorgersen
ab7939f33a
Add support for spiffe_refresh_hint to Spiffe Identity Provider ( #43242 )
...
Closes #42806
Signed-off-by: stianst <stianst@gmail.com >
2025-10-07 14:00:46 +02:00
Martin Kanis
a493213ad4
Hide read-only email attribute in update profile context with update … …email enabled ( #43024 )
...
* Hide read-only email attribute in update profile context with update email enabled
Closes #42990
Signed-off-by: Martin Kanis <mkanis@redhat.com >
* Simplifying conditions when checking read/write on email attribute and more tests
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
---------
Signed-off-by: Martin Kanis <mkanis@redhat.com >
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-10-07 12:52:55 +02:00
sashyo
8dd7437e90
feat(timer-provider): expose scheduled tasks and start time ( #43107 )
...
update to return task name and taskcontext and using keycloak time over instant
fix naming
Signed-off-by: Sasha Le <iamsasha.le@gmail.com >
2025-10-07 07:56:38 +00:00
vramik
03052e79b9
Fix scope interference
...
Closes #40965
Signed-off-by: vramik <vramik@redhat.com >
2025-09-30 09:20:22 -03:00
Martin Kanis
6e89bd72a9
Update email page with pending verification email messages prefilled with old email
...
Closes #43070
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2025-09-30 09:19:33 -03:00
rmartinc
e256513ceb
Do not remove sid claim when the session is transient only for the client
...
Closes #42565
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-09-30 12:08:43 +02:00
Thomas Darimont
8780bc22b4
Fix NPE in FederatedJWTClientAuthenticator ( #43042 ) ( #43043 )
...
Add additional null guard before the check for supported assertation types.
Fixes #43042
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com >
2025-09-30 10:31:33 +02:00
Pedro Igor
a3db07a8f5
Re-adding max age setting to the update email action ( #43036 )
...
Closes #43035
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-09-30 05:31:23 +02:00
Stefan Guilhen
7f29c9bb88
Improve workflow logging messages
...
- every execution gets its own id that can be used to track all activities related to that particular workflow execution
Closes #42952
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-09-29 23:10:21 -03:00
Pedro Igor
d6da849206
Introducing a EMAL_PENDING user attribute to set the email pending verification
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-09-29 12:41:41 -03:00
Martin Kanis
88eea73cdc
Introduce pending email verification message for UPDATE_EMAIL
...
Closes #42770
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2025-09-29 12:41:41 -03:00
Stian Thorgersen
dbd516f8e6
Refactor SimpleHttp to make it injectable and usable outside server ( #42936 )
...
Closes #42902
Signed-off-by: stianst <stianst@gmail.com >
2025-09-29 08:37:05 +02:00
Pedro Igor
6e851ce80e
Only filter default organization related scopes based on dynamic scope format
...
Closes #42877
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-09-26 16:28:12 -03:00
Stefan Guilhen
ab7daf7fac
Add validation to workflow update so that only changes to the name and enabled flag are allowed for now
...
Closes #42916
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-09-26 14:51:05 -03:00
Stefan Guilhen
7e28d13e76
Add workflow condition that uses boolean expressions to combine and negate conditions
...
Closes #42583
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-09-26 07:52:12 -03:00
vramik
80453bdbfb
Allow defining steps in a workflow that can run immediate or scheduled
...
Closes #42888
Signed-off-by: vramik <vramik@redhat.com >
2025-09-25 14:37:22 -03:00
forkimenjeckayang
29bee21683
[OID4VCI] Fix authorization_details generation and credential identifier mapping for conformance tests ( #42819 )
...
Closes : #42818
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com >
2025-09-25 13:56:30 +02:00
Pedro Ruivo
56c1823082
Document Caffeine cache metrics
...
Closes #42705
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2025-09-25 12:55:31 +02:00
Sebastian Łaskawiec
a1c66829db
Kubernetes Signed JWT Authenticator UI ( #42853 )
...
* Kubernetes Signed JWT Authenticator UI
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com >
* Test and lint fix
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com >
* Optimized imports
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com >
---------
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com >
2025-09-25 12:15:00 +02:00
rmartinc
83994c4a5c
Enable validate signature for SAML IdP to true when there are signing keys in the IdP metadata
...
Closes #42213
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-09-25 10:17:13 +02:00
Pedro Igor
05a8dc006b
Do not skip dedicated client mapper when validating dynamic scopes in authorization or token requests
...
Closes #42142
Closes #42208
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-09-25 08:43:56 +02:00
rmartinc
1d28c0cd35
Expose system-info information in the serverinfo endpoint only for users in the admin realm
...
Closes #42828
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-09-24 17:21:57 +02:00
vramik
cfec364b17
Add validation of workflow steps also when adding single step to workflow
...
Closes #42833
Signed-off-by: vramik <vramik@redhat.com >
2025-09-24 12:03:05 -03:00
Ruslan Sheremet
5cefc497fd
User session in LOGIN event ( #42866 )
...
closes #42867
Signed-off-by: Ruslan Sheremet <toor.ua@gmail.com >
2025-09-24 16:30:51 +02:00
Alexander Schwartz
4389bc2990
Fix duplicate label when using password history
...
Closes #42736
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
2025-09-24 11:21:59 +02:00
Marek Posolda
e09ce9e18d
Documentation update for DPoP ( #42865 )
...
closes #42728
Signed-off-by: mposolda <mposolda@gmail.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
2025-09-24 10:00:23 +02:00
Pedro Igor
1948e5baf3
Prevent empty usernames and allow restarting the login
...
Closes #42837
Closes #42409
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-09-24 04:07:03 -03:00
Pedro Igor
fe8fce859d
Improve the Workflow JSON schema
...
Closes #42697
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-09-24 04:04:44 -03:00
Giuseppe Graziano
e4114e6c74
Promote DPoP feature to supported by default
...
Closes #42032
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2025-09-24 08:26:09 +02:00
Stefan Wiedemann
83cfd4a3e2
[OID4VCI] filter for asymmetric keys ( #42758 )
...
Closes #42755
Signed-off-by: Stefan Wiedemann <wistefan@googlemail.com >
2025-09-23 09:37:25 +02:00