Peter Zaoral
78299ae82d
Enhancement: normalize FilesPlaintextVaultProvider secret paths to prevent false positives in CSAs (#44345)
...
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2026-02-03 21:21:04 +00:00
Stefan Guilhen
021d544000
Ensure required action is enabled at the realm level before adding it to the user via workflow step
...
Closes #45976
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-03 14:51:28 -03:00
rmartinc
c63f54ba3a
Client policy executor to allow extra audiences for JWT authorization grant
...
Closes #45180
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-03 13:39:31 +01:00
Pedro Igor
072f547b71
Make sure disabled organization is ignored when re-authenticating
...
Closes #45924
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-02-03 12:41:39 +01:00
forkimenjeckayang
3adcca44a7
[OID4VCI] CredentialEndpoint can be invoked with incorrect access token (#45816)
...
closes #44670
closes #44580
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-02-02 19:29:40 +01:00
Steven Hawkins
9462f0f00b
updating to quarkus 3.31.1 (#45612)
...
* fix: updating to quarkus 3.31.0.CR1
closes: #45576
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* updating test containers for 3.31.0.CR1
also adding a managed version for microprofile-metrics-api
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* excluding quarkus-bootstrap-runner to prevent trace logging
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* changing to new logging context for hibernate jpa
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* switching to 3.31.0 release
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* switching to 3.31.1 release
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Follow upgrading guide for Quarkus 3.31.0
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* turning off specific hibernate logging
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* removing quarkus-bootstrap-runner from the model test classpath
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2026-02-02 17:50:56 +01:00
Stefan Guilhen
6e408dd7bc
Introduce WorkflowEventSpi
...
- supports custom event handling beyond the built-in workflow capabilities.
Closes #43916
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-02 11:18:27 -03:00
rmartinc
d4e9b16ea9
Include version in system-info for manage-realm and restrict view-system mapping
...
Closes #45776
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-02 12:40:57 +01:00
Pedro Igor
13cf35ded3
Only realm admins can manage workflows
...
Closes #45875
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-30 21:18:06 +01:00
Pedro Igor
2dab08d5ed
Make sure disabled organizations are not available from selection
...
Closes #45874
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-30 21:17:35 +01:00
NAMAN JAIN
c652adff78
Add format-specific credential metadata contribution for OID4VC
...
Introduce a CredentialBuilder hook that allows credential formats to
contribute format-specific metadata to the OID4VC issuer well-known
configuration. The issuer delegates metadata shaping to the
corresponding CredentialBuilder implementation.
Refactor metadata contribution to work directly with
SupportedCredentialConfiguration and CredentialScopeModel, improving
type-safety and avoiding unnecessary serialization.
Add integration tests to verify that SD-JWT credentials expose `vct`
without `credential_definition`, and JWT_VC credentials expose
`credential_definition` without `vct`.
Closes #45485
Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>
2026-01-30 19:39:07 +01:00
Thomas Diesler
c08ed20f78
[OID4VCI] Add support for user did as subject id (#45008)
...
closes #45006
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-01-30 17:29:47 +01:00
mposolda
7b36fa174b
Duplicate processing of authorization_details from AuthorizationDetailsProcessorManager
...
closes #45859
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-29 17:24:03 +01:00
Tero Saarni
cb4c533464
Add support for looking up client secrets via Vault SPI (#39650)
...
Fixes #13102
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2026-01-28 16:45:30 +01:00
Awambeng
d14e1d56a0
[OID4VCI] Fix OID4VCI credential requests to restrict Default client scopes (#45011)
...
Closes #44737
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-28 15:50:02 +01:00
Martin Kanis
d73b1f926f
Update email AIA: Back to Application URL invokes OIDC callback with missing parameters
...
Closes #44488
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2026-01-28 08:24:57 -03:00
forkimenjeckayang
f2f185b367
[OID4VCI] Add OID4VCI request/response support to OAuthClient utility (#45784)
...
closes: #44671
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-28 11:54:42 +01:00
NAMAN JAIN
5e3c0b6b28
Fix realm context handling for StoreSyncEvent processing
...
Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>
Fix realm context handling for StoreSyncEvent processing
Ensure the correct realm is resolved and set when handling StoreSyncEvent
inside transactional jobs. Restore the original session realm context to
avoid leakage and make StoreSyncEvent constructors public so events can be
safely published after transaction commit from RealmManager.
Closes #44574
2026-01-28 11:40:45 +01:00
Giuseppe Graziano
adbbb81299
Remove admin console public config endpoint
...
Closes #45728
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-28 10:43:20 +01:00
Stefan Guilhen
bc0e2ff10b
Move init/postInit/close to WorkflowConditionProviderFactory, cleanup implementations
...
Closes #45767
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-27 15:06:01 -03:00
Stefan Guilhen
c13a1772f8
Adds ability to migrate scheduled workflow resources from one step to another step in the same or different workflow
...
Closes #45174
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-27 13:46:18 -03:00
Giuseppe Graziano
6744f46841
Max expiration for Google IDToken
...
Closes #45725
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-27 13:18:51 +01:00
mposolda
e414050524
Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors
...
closes #45706
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 17:21:45 +01:00
mposolda
76c4263db9
Polishing based on PR review. Fix flaky tests
...
closes #44961
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
mposolda
416a6017c2
Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes
...
closes #44961
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
forkimenjeckayang
17a2678438
Resolve bug: Authorization_details added to token-response even when should not be
...
closes #44961
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-26 08:45:41 +01:00
Alexander Schwartz
ea29c25f20
Additional restrictions when to issue a redirect to the caller on rolling updates
...
Closes #45574
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
2026-01-23 07:33:41 -03:00
Martin Bartoš
44375e2178
Hibernate Validator is enabled by default when not used (#45681)
...
* Hibernate Validator is enabled by default when not used
Closes #45677
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Disable Hibernate Validator factory customizer only for non testing
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2026-01-22 16:59:39 +01:00
vramik
111ba36504
Organization Groups Core Backend & API
...
Closes #45562
Signed-off-by: vramik <vramik@redhat.com>
2026-01-22 09:39:24 -03:00
rmartinc
d67349f3aa
Check if requested user is enabled for impersonation in TE v1
...
Closes #45651
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-22 12:47:55 +01:00
Alexander Schwartz
fd9c513c9c
When creating or updating a Kubernetes IDP, check if issuer URL is unique
...
Closes #45449
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-21 17:52:11 +01:00
Awambeng
39ef0e7a6a
Fix realm import failure when OID4VCI credential-offer-create role exists (#45028)
...
Closes #44637
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-21 16:53:39 +01:00
Awambeng
9990df02b2
[OID4VCI] Add OID4VC tests to FIPS suite (#45384)
...
Closes #44105
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-21 16:50:33 +01:00
Giuseppe Graziano
b74be6ed41
JWT Authorization Grant for Google idp (#45543)
...
Closes #45179
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-21 16:17:52 +01:00
rmartinc
7e20b87136
Add abstract property for themes and do not display base for selection
...
Closes #41924
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-21 15:42:52 +01:00
Hathoute
ea2083ed2c
Support for clients in workflows
...
Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-21 11:20:30 -03:00
Giuseppe Graziano
3c3915556c
OIDC identity provider issuer config
...
Closes #45590
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-20 13:19:16 +01:00
forkimenjeckayang
fa28ddddb2
[OID4VCI] Disable OID4VCI functionality when Verified Credentials switch is off (#44995)
...
closes #44622
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2026-01-19 14:09:42 +01:00
Nikita Bohuslavskyi
348670ae32
Align organization broker redirect after OTP setup
...
Closes #40510
Signed-off-by: Nikita Bohuslavskyi <nikita.bohuslavskyi@student.tuke.sk>
2026-01-19 08:30:47 -03:00
Steve Hawkins
eff97618ef
fix: moving nonserver defaults out of application.properties
...
closes: #42332
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2026-01-19 12:11:12 +01:00
Steven Hawkins
c3739efaa6
fix: making cert lookup spi public (#45010)
...
closes: #33818
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2026-01-16 15:57:39 +01:00
rmartinc
07b9b9656b
Allow client_id as an audience in the JWT Authorization Grant and Client Assertions
...
Closes #45178
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-16 15:48:28 +01:00
Martin Kanis
4f91b5246e
User REST Admin API - count and search returns different amount of users
...
Closes #45219
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2026-01-16 07:29:42 -03:00
mposolda
fcc9ade022
Not able to find key for credential signature if client scope was saved from admin console
...
closes #44699
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-16 08:51:51 +01:00
Tomohiko Ozawa
131131a003
include OrganizationInvitationResource to the admin REST API document
...
Closes #45474
Signed-off-by: Tomohiko Ozawa <kota65535@gmail.com>
2026-01-15 21:11:14 +00:00
Stefan Guilhen
c63a8aa087
Step provider factories cleanup
...
- adds default init, postInit, close, getConfigProperties methods to WorkflowStepProviderFactory
Closes #45398
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-15 15:32:45 -03:00
Stefan Guilhen
5ed7894502
Add step implementation to remove user attributes
...
Closes #44650
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-15 14:28:35 -03:00
Stefan Guilhen
744dfd0468
Allow ISO-8601 time formats for the workflows step-runner-task-interval config
...
Closes #45172
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-15 14:27:20 -03:00
Pedro Igor
37ff64446b
Allow hide organization brokers when the user does not map to any organization during login
...
Closes #45422
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-15 15:19:43 +01:00
Thomas Diesler
8f0ec215b2
[OID4VCI] Issuer metadata contains unwanted 'id' for credential_configurations_supported (#45210)
...
closes #45209
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-01-15 12:56:13 +01:00