Commit graph

7813 commits

Author SHA1 Message Date
Thomas Diesler
d2150a19d5 [OID4VCI] Make natural_person configuration available in all formats
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-13 15:30:55 +01:00
Thomas Diesler
80839bfc44 -- make ctors package protected
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-13 15:29:04 +01:00
Thomas Diesler
4341b8a314 [OID4VCI] Revisit and fix OAuthClient.preAuthorizedCodeGrantRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-13 15:29:04 +01:00
Thomas Diesler
44e7cf2da9 [OID4VCI] Simplify OID4VCAuthorizationDetail handling
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-12 17:09:07 +01:00
rmartinc
bd703eb767 Upgrade santuario to 3.0.6 to fix SANTUARIO-617
Closes #45680

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-12 15:57:50 +01:00
vramik
5a4685909e Ability to add attributes to organization groups
Closes #46263

Signed-off-by: vramik <vramik@redhat.com>
2026-02-12 10:43:18 -03:00
Thomas Diesler
5659fa9ac7 [OID4VCI] Revisit and fix OAuthClient.credentialRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-11 12:05:06 +01:00
Thomas Diesler
de0ae92ebe [OID4VCI] Wrong typ value for SD-JWT VC
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-11 08:28:07 +01:00
Václav Muzikář
d45dfeb44a Java 25 support (#45872)
Closes #45905

Signed-off-by: Václav Muzikář <vmuzikar@ibm.com>
2026-02-10 23:35:35 +00:00
Pedro Igor
295945773e Make sure updates do not allow updating the resource associated with the uma policy (#46154)
Closes #46147

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-02-10 16:42:27 +00:00
Pedro Igor
8fc9a98026 Make sure registration tokens are verified before processing registration (#46155)
Closes #46145

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-02-10 14:02:03 +01:00
Thomas Diesler
64dee82f9f [OID4VCI] Revisit and fix OAuthClient.credentialOfferRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-10 13:15:45 +01:00
Marie Daly
7d6108d4b9 Redirect Wildcard changes and more https checks to secure-client-executor (#46082)
Closes #45587

Signed-off-by: Marie Daly <marie.daly1@ibm.com>
2026-02-10 13:00:06 +01:00
vramik
0669a7eb14 Organization group path handling
Closes #46025

Signed-off-by: vramik <vramik@redhat.com>
2026-02-10 08:11:07 -03:00
Thomas Diesler
b4c1a2a890 [OID4VCI] Revisit and fix OAuthClient.credentialOfferUriRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-10 11:50:55 +01:00
Ricardo Martin
f0381f8482 Check SubjectConfirmationData element for bearer type
Closes #45646

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-10 08:20:17 +01:00
Martin Kanis
586463b772 Protocol Mappers for Organization Groups (OIDC/SAML)
Closes #45511

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2026-02-09 08:34:18 -03:00
Pedro Ruivo
02c6499d96 Deprecate unused methods in UserSessionProvider
Closes #45823

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-02-06 19:04:19 +01:00
vramik
ca89a0cdc4 Organization Groups Caching
Closes #45509

Signed-off-by: vramik <vramik@redhat.com>
2026-02-06 08:12:55 -03:00
vramik
f8246504c4 AuthorizationServices should prevent org group ids for group policies
Closes #46050

Signed-off-by: vramik <vramik@redhat.com>
2026-02-06 08:12:25 -03:00
Hugo Hakim Damer
292a177b10 [OID4VCI] Add support for nested claims in OID4VCI user attribute mapper (#45751)
Closes #45748

Signed-off-by: Hugo Hakim Damer <HugoHakim.Damer@governikus.de>
2026-02-06 10:57:12 +01:00
Awambeng
85d9360e45 [OID4VCI] Add replay protection for credential offers by reference (#45558)
closes #44660

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-02-05 10:06:58 +01:00
vramik
2411c21429 JpaOrganizationProvider.searchGroupsByName ignores search parameter
Closes #46006

Signed-off-by: vramik <vramik@redhat.com>
2026-02-04 22:17:27 -03:00
Awambeng
c40590762e [OID4VCI] Add comprehensive tests for OID4VC authorization code flow (#45391)
closes #44795

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-02-04 11:50:49 +01:00
Pedro Igor
072f547b71 Make sure disabled organization is ignored when re-authenticating
Closes #45924

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-02-03 12:41:39 +01:00
forkimenjeckayang
3adcca44a7 [OID4VCI] CredentialEndpoint can be invoked with incorrect access token (#45816)
closes #44670
closes #44580

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-02-02 19:29:40 +01:00
Pedro Igor
2dab08d5ed Make sure disabled organizations are not available from selection
Closes #45874

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-30 21:17:35 +01:00
NAMAN JAIN
c652adff78 Add format-specific credential metadata contribution for OID4VC
Introduce a CredentialBuilder hook that allows credential formats to
contribute format-specific metadata to the OID4VC issuer well-known
configuration. The issuer delegates metadata shaping to the
corresponding CredentialBuilder implementation.

Refactor metadata contribution to work directly with
SupportedCredentialConfiguration and CredentialScopeModel, improving
type-safety and avoiding unnecessary serialization.

Add integration tests to verify that SD-JWT credentials expose `vct`
without `credential_definition`, and JWT_VC credentials expose
`credential_definition` without `vct`.

Closes #45485

Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>
2026-01-30 19:39:07 +01:00
Thomas Diesler
c08ed20f78 [OID4VCI] Add support for user did as subject id (#45008)
closes #45006

Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-01-30 17:29:47 +01:00
Martin Kanis
0433b0017d Organization Groups Import/Export
Closes #45507

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2026-01-30 12:11:03 -03:00
Tero Saarni
cb4c533464 Add support for looking up client secrets via Vault SPI (#39650)
Fixes #13102

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2026-01-28 16:45:30 +01:00
Awambeng
d14e1d56a0 [OID4VCI] Fix OID4VCI credential requests to restrict Default client scopes (#45011)
Closes #44737

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-28 15:50:02 +01:00
Pedro Igor
26a33409c5 Covering hiding username/email when brute force is enabled during identity-first login
Closes #45685

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-28 08:29:46 -03:00
Pedro Igor
b9243a7270 Only enable JS policies if the scripts feature is enabled
Closes #44132

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-28 12:28:32 +01:00
Martin Kanis
d73b1f926f Update email AIA: Back to Application URL invokes OIDC callback with missing parameters
Closes #44488

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2026-01-28 08:24:57 -03:00
forkimenjeckayang
f2f185b367 [OID4VCI] Add OID4VCI request/response support to OAuthClient utility (#45784)
closes: #44671

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-28 11:54:42 +01:00
mposolda
e414050524 Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors
closes #45706

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 17:21:45 +01:00
mposolda
76c4263db9 Polishing based on PR review. Fix flaky tests
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
mposolda
416a6017c2 Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
forkimenjeckayang
17a2678438 Resolve bug: Authorization_details added to token-response even when should not be
closes #44961

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-26 08:45:41 +01:00
Alexander Schwartz
ea29c25f20 Additional restrictions when to issue a redirect to the caller on rolling updates
Closes #45574

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
2026-01-23 07:33:41 -03:00
vramik
111ba36504 Organization Groups Core Backend & API
Closes #45562

Signed-off-by: vramik <vramik@redhat.com>
2026-01-22 09:39:24 -03:00
rmartinc
d67349f3aa Check if requested user is enabled for impersonation in TE v1
Closes #45651

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-22 12:47:55 +01:00
Awambeng
39ef0e7a6a Fix realm import failure when OID4VCI credential-offer-create role exists (#45028)
Closes #44637

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-21 16:53:39 +01:00
Awambeng
9990df02b2 [OID4VCI] Add OID4VC tests to FIPS suite (#45384)
Closes #44105

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-21 16:50:33 +01:00
Luca Tronchin
a351784c33 Remove empty labels from keycloak_user_events_total metric (#45583)
Closes #45582

Signed-off-by: Luca Tronchin <ltronky@gmail.com>
2026-01-20 13:18:27 +01:00
forkimenjeckayang
fa28ddddb2 [OID4VCI] Disable OID4VCI functionality when Verified Credentials switch is off (#44995)
closes #44622

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2026-01-19 14:09:42 +01:00
Pedro Igor
c8a41dea99 Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-19 08:30:47 -03:00
Nikita Bohuslavskyi
348670ae32 Align organization broker redirect after OTP setup
Closes #40510

Signed-off-by: Nikita Bohuslavskyi <nikita.bohuslavskyi@student.tuke.sk>
2026-01-19 08:30:47 -03:00
Steve Hawkins
aa5022aaf6 fix: removing references to shaded testcontainer classes
closes: #45188

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2026-01-16 13:52:50 +01:00