Commit graph

430 commits

Author SHA1 Message Date
Pedro Ruivo
4253a79eb2
Client or role parsing caching should be realm specific
Closes #46403

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-02-17 16:57:38 +01:00
Pedro Ruivo
7e00961ee1
Cache evaluation of client roles with dots for role mapper
Closes #43726

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-02-17 12:45:37 +01:00
Akbar Husain
3f62bb4d2b
Make shebang in bash scripts consistent (#37369)
Closes #34983

Signed-off-by: akbarhusainpatel <apatel@intermiles.com>
2026-02-17 11:32:28 +01:00
Geremia Taglialatela
418700b4f8
Fix duplicate header in VERIFY_EMAIL flow
Fix #46105

Signed-off-by: Geremia Taglialatela <tagliala.dev@gmail.com>
Co-authored-by: tagliala <556268+tagliala@users.noreply.github.com>
2026-02-16 16:26:22 +01:00
Steven Hawkins
c28cac9db3
fix: ensuring proper error handling for duplicate protocol mappers
closes: #26946

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2026-02-13 16:33:01 +00:00
Martin Bartoš
74988b5c0a
Extend client policies tests to check exact events (#46093)
Closes #46114

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2026-02-13 15:47:38 +01:00
Thomas Diesler
80839bfc44 -- make ctors package protected
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-13 15:29:04 +01:00
Thomas Diesler
4341b8a314 [OID4VCI] Revisit and fix OAuthClient.preAuthorizedCodeGrantRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-13 15:29:04 +01:00
Giuseppe Graziano
a8418b251d Unique issuer for identity providers
Closes #45747

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-02-13 08:44:07 +01:00
Thomas Diesler
44e7cf2da9 [OID4VCI] Simplify OID4VCAuthorizationDetail handling
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-12 17:09:07 +01:00
Thomas Diesler
5659fa9ac7 [OID4VCI] Revisit and fix OAuthClient.credentialRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-11 12:05:06 +01:00
Lukas Hanusovsky
8839c831b9
[Test Framework] testcontainers dependency refactor. (#46131)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2026-02-11 10:07:12 +00:00
Thomas Diesler
de0ae92ebe [OID4VCI] Wrong typ value for SD-JWT VC
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-11 08:28:07 +01:00
Giuseppe Graziano
d6f07f27ec
User validation in JWT Authorization Grant (#46149)
Closes #46144

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-02-10 13:09:05 +00:00
Thomas Diesler
64dee82f9f [OID4VCI] Revisit and fix OAuthClient.credentialOfferRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-10 13:15:45 +01:00
Valeria
05ff44b8a0
Patch CVE-2026-0707. Add validation on Authorization Header with Bearer, add tests (#45787)
Closes #45649

Signed-off-by: Valeria Epifanova <lerkamandarinka24@gmail.com>
2026-02-10 13:10:29 +01:00
Giuseppe Graziano
176dc8902c
Check if idp is enabled for JWT Auth Grant and Federated Client Auth (#46148)
Closes #46146

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-02-10 13:01:42 +01:00
Thomas Diesler
b4c1a2a890 [OID4VCI] Revisit and fix OAuthClient.credentialOfferUriRequest()
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-10 11:50:55 +01:00
Alexander Schwartz
fc7b1b1e83
Check if two IDPs with the same issuer URL exist before caching them
Closes #45453

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-02-09 11:30:09 +01:00
Stefan Guilhen
9a32b5e2c4 Add ProviderEvents to workflows
- custom listeners can now react to workflow operations

Closes #45170

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-06 16:48:03 -03:00
Pedro Ruivo
02c6499d96
Deprecate unused methods in UserSessionProvider
Closes #45823

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-02-06 19:04:19 +01:00
Lukas Hanusovsky
a21a53667e
Creating user with roles/clientRoles via UserSupplier is not supported. (#46070)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2026-02-06 08:55:19 +00:00
Aggelos Sachtouris
6c003a41aa Format: apply code formatting using spotless
Signed-off-by: Aggelos Sachtouris <aggelos_sachtouris@hotmail.com>
2026-02-05 12:22:37 -03:00
Aggelos Sachtouris
fb58f1c40f fix: Test Old ResourceOperationType to UserCreatedWorkflowEventFactory
Signed-off-by: Aggelos Sachtouris <aggelos_sachtouris@hotmail.com>
2026-02-05 12:22:37 -03:00
Aggelos Sachtouris
e6e4017d3d doc: Changed comment on Unlink User Test
Signed-off-by: Aggelos Sachtouris <aggelos_sachtouris@hotmail.com>
2026-02-05 12:22:37 -03:00
Aggelos Sachtouris
dc6c1683bd Create test for unlink user workflow step
Signed-off-by: Aggelos Sachtouris <aggelos_sachtouris@hotmail.com>
2026-02-05 12:22:37 -03:00
Stian Thorgersen
ea4c8f65b6
Review realm cleanup in test framework
Closes #45973

Signed-off-by: stianst <stianst@gmail.com>
2026-02-04 18:03:15 +01:00
Awambeng
c40590762e
[OID4VCI] Add comprehensive tests for OID4VC authorization code flow (#45391)
closes #44795


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-02-04 11:50:49 +01:00
Pedro Ruivo
297d8ac95d
Refactor ClientResource for better performance
Closes #45838

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-02-04 11:29:18 +01:00
Stefan Guilhen
2111dcf913 Check only for the existence of the attribute if only the key is specified
Closes #45983

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-03 14:52:34 -03:00
Stefan Guilhen
021d544000 Ensure required action is enabled at the realm level before adding it to the user via workflow step
Closes #45976

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-03 14:51:28 -03:00
Martin Bartoš
3e568fc81b
OTEL: Use suggested 'code.function.name' for span attributes
Closes #45944

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2026-02-03 15:56:48 +01:00
rmartinc
c63f54ba3a Client policy executor to allow extra audiences for JWT authorization grant
Closes #45180

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-03 13:39:31 +01:00
Stefan Guilhen
6e408dd7bc Introduce WorkflowEventSpi
- supports custom event handling beyond the built-in workflow capabilities.

Closes #43916

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-02 11:18:27 -03:00
rmartinc
d4e9b16ea9 Include version in system-info for manage-realm and restrict view-system mapping
Closes #45776

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-02 12:40:57 +01:00
Pedro Igor
13cf35ded3
Only realm admins can manage workflows
Closes #45875

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-30 21:18:06 +01:00
Pedro Ruivo
02066f4985
Bugfix Refactor SessionsResource
Closes #45727

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2026-01-29 14:51:50 +01:00
Pedro Ruivo
bae3963d25
Refactor SessionsResource for better memory usage and performance
Closes #45727

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-29 11:38:54 +01:00
Tero Saarni
cb4c533464
Add support for looking up client secrets via Vault SPI (#39650)
Fixes #13102


Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2026-01-28 16:45:30 +01:00
Pedro Igor
b9243a7270
Only enable JS policies if the scripts feature is enabled
Closes #44132

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-28 12:28:32 +01:00
Alexander Schwartz
0ddb355d3d
Optimize deletion of composite roles
Closes #45065

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-28 08:05:16 -03:00
forkimenjeckayang
f2f185b367
[OID4VCI] Add OID4VCI request/response support to OAuthClient utility (#45784)
closes: #44671


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-28 11:54:42 +01:00
Stefan Guilhen
c13a1772f8 Adds ability to migrate scheduled workflow resources from one step to another step in the same or different workflow
Closes #45174

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-27 13:46:18 -03:00
Steven Hawkins
38b5466093
fix: aligns our dev http-host default behavior with that of quarkus (#45691)
closes: #42876

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2026-01-27 16:51:47 +01:00
Peter Zaoral
d2be206a9f
Run new test framework db tests on Azure (#45735)
* Run new test framework db tests on Azure

Closes: #45658

Signed-off-by: Peter Zaoral <pepo48@gmail.com>

* Run new test framework db tests on Azure

Closes: #45658

Signed-off-by: Peter Zaoral <pepo48@gmail.com>

---------

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
2026-01-27 08:11:37 +00:00
mposolda
e414050524 Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors
closes #45706

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 17:21:45 +01:00
mposolda
416a6017c2 Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
Šimon Vacek
8f0cbcb244
Run new framework db testsuite on Aurora
Closes #41940

Signed-off-by: Simon Vacek <simonvacky@email.cz>
2026-01-22 20:14:54 +01:00
vramik
111ba36504 Organization Groups Core Backend & API
Closes #45562

Signed-off-by: vramik <vramik@redhat.com>
2026-01-22 09:39:24 -03:00
Alexander Schwartz
fd9c513c9c
When creating or updating a Kubernetes IDP, check if issuer URL is unique
Closes #45449

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-21 17:52:11 +01:00