upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-02-03 20:39:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
30079 commits 23 branches 291 tags 855 MiB
Commit graph

30079 commits

This branch
This branch
All branches
Author SHA1 Message Date
Awambeng Rodrick
07b2cbd33d Make OID4VC credential offer storage cluster-aware and rename provider 
- Replace InMemoryCredentialOfferStorage with DefaultCredentialOfferStorage backed by singleUseObjects (Infinispan)
- Fix expiration handling by converting absolute expiration timestamps to lifespan seconds and skipping already-expired entries
- Rename factory to DefaultCredentialOfferStorageFactory and change provider id to default
- Update SPI service registration and add JavaDoc clarifying cluster/cross-DC behavior

Closes #44674

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2026-01-15 12:35:30 +01:00
Thomas Diesler
d8b74e77ab
OID4VCI credentials have invalid subject id value (#45004) 
closes #43854


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-01-15 12:28:30 +01:00
Martin Bartoš
ab25c8e059 Fix link to OpenTelemetry guide in logging 
Closes keycloak/keycloak-web#692

Co-authored-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-15 11:05:21 +01:00
Giuseppe Graziano
db1f75a1cf
Fix duplicate address claim in IDToken (#45423) 
Closes #45250

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-15 08:48:31 +01:00
Peter Skopek
87acc63f99
Determine root distribution directory properly from ZIP file itself. (#43406) 
* Determine root distribution directory properly from ZIP file itself.

Closes #43356

Signed-off-by: Peter Skopek <pskopek@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Skopek <skpeter@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>

---------

Signed-off-by: Peter Skopek <pskopek@redhat.com>
Signed-off-by: Peter Skopek <skpeter@gmail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-15 08:36:18 +01:00
Steven Hawkins
a4df602f62
fix: refining arg handling (#44579) 
relying on picocli parsing as much as possible

closes: #44578

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-14 10:57:48 -05:00
Martin Bartoš
f09c906f87
OpenApiDistTest fails in CI (#45426) 
Closes #45425

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-14 08:52:11 -05:00
Björn Eickvonder
7e32e10b27
fix(admin-ui): admin events for dedicated user now show all user related events (#45333) (#45414) 
Signed-off-by: Björn Eickvonder <bjoern.eickvonder@inform-software.com>
 2026-01-14 08:12:20 -05:00
Ryan Emerson
349c722ed9
Update multi-cluster documentation for zero-downtime upgrades 
Closes #45338

Parts of the Infinispan docs for the in-place update of patch releases rely on ISPN16 behavior.

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-14 12:35:03 +01:00
Stian Thorgersen
198730cd0d
Allow absolute path for cache-config-file (#45416) 
Closes #19374

Signed-off-by: stianst <stianst@gmail.com>
 2026-01-14 11:05:50 +00:00
Martin Bartoš
b61a00cbba
[admin-api-v2] Every distinct Admin API should be versioned (#44527) 
Closes #44527

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-14 12:05:33 +01:00
Pedro Igor
cca5ef44fa Updating the documentation 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-13 16:42:07 -03:00
ksushant881
b2a1219937 Rename config 
Closes #44676

Signed-off-by: ksushant881 <ksushant881@gmail.com>
 2026-01-13 16:42:07 -03:00
ksushant881
def4edd7d4 Make target configurable in workflow notify user step 
Closes #44676

Signed-off-by: ksushant881 <ksushant881@gmail.com>
 2026-01-13 16:42:07 -03:00
Ryan Emerson
c8635f9bf2
ISPN16: Upgrade to Infinispan 16.0.5 
Closes #45341

- Remove query modules
- Remove unused config file
- Update config file versions
- Update jgroups attributes
- Remove ISPN-16595 workaround
- Call HotRodServer#postStart in HotRodServerRule to start caches as well as the server
- Simplify cluster-ha.xml
- Utilise org.infinispan.commons.util.TimeQuantity in CacheConfiguration
- Cleanup when InfinispanContainer startup fails
- RemoteUserSessionProvider remote query calls must not use negative values for offsets and maxResults
- Remove use of deprecated org.infinispan.server.test.core.InfinispanContainer class
- Use testcontainers-infinispan dependency
- Explicitly utilise "legacy" metrics
- Remove explicit `name-as-tags` configuration as Infinispan 16 defaults to true
- Remove test configuration not required since #31807

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-13 17:26:43 +01:00
rmartinc
0cff95581e Add missing icons for keycloak.v2 login theme 
Closes #45162

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-13 15:45:20 +01:00
Martin Kanis
b128af59d2 Organization feature exposes and fills the account name automatically in user/password form 
Closes #44417

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2026-01-13 11:04:57 -03:00
Stefan Guilhen
75b0a8aa2a
When fetching scheduled workflows, return all steps with status completed/pending 
Closes #45212

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2026-01-13 14:34:13 +01:00
Erik Jan de Wit
b1834fd10d
Add SAML client model mapper for admin-v2 API (#45200) 
* Add SAML client model mapper for admin-v2 API

Implements mapper and factory for converting between SAMLClientModel
and SAMLClientRepresentation, including support for SAML-specific
attributes like signature algorithms, name ID formats, and certificates.

Fixes #44853

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* updated test to test specific Saml and Oidc fields

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fix test

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2026-01-13 13:37:04 +01:00
Steven Hawkins
819de5e33a
fix: changing how scripts are loaded from the classpath (#45358) 
closes: #43975

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-01-13 11:32:24 +01:00
Giuseppe Graziano
23aad2a942
DPoP Guide (#45274) 
Closes #42747

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-13 11:01:28 +01:00
Stian Thorgersen
0a9c59932d
Fix no error throw if Keycloak is configured wrongly, and add support to setting timeout from testsuite 
Closes #44100, Closes #39168

Signed-off-by: stianst <stianst@gmail.com>
 2026-01-13 09:15:59 +01:00
Ryan Emerson
141bcee4dd
Document that the the HA architectures are tested with Openshift 4.18 
Closes #45360

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-13 09:10:28 +01:00
vramik
5d773e688b Fix charset of ORG.ID for mysql/mariadb 
Closes #45239

Signed-off-by: vramik <vramik@redhat.com>
 2026-01-12 17:02:45 -03:00
dependabot[bot]
ad695dc700
Bump @eslint/compat from 1.4.0 to 2.0.0 in /js (#45248) 
Bumps [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) from 1.4.0 to 2.0.0.
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v2.0.0/packages/compat)

---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 2.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:34:38 -05:00
dependabot[bot]
262d200f96
Bump vitest from 3.2.4 to 4.0.16 in /js (#45247) 
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 3.2.4 to 4.0.16.
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.16/packages/vitest)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 4.0.16
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:34:12 -05:00
dependabot[bot]
dcf14b7485
Bump @types/node from 24.9.1 to 25.0.3 in /js (#45246) 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.9.1 to 25.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:33:33 -05:00
dependabot[bot]
46a51512b2
Bump @rollup/plugin-commonjs from 28.0.8 to 29.0.0 in /js (#45245) 
Bumps [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) from 28.0.8 to 29.0.0.
- [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md)
- [Commits](https://github.com/rollup/plugins/commits/commonjs-v29.0.0/packages/commonjs)

---
updated-dependencies:
- dependency-name: "@rollup/plugin-commonjs"
  dependency-version: 29.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:32:53 -05:00
dependabot[bot]
242847b50a
Bump i18next-fetch-backend from 6.0.0 to 7.0.0 in /js (#45243) 
Bumps [i18next-fetch-backend](https://github.com/dotcore64/i18next-fetch-backend) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/dotcore64/i18next-fetch-backend/releases)
- [Commits](https://github.com/dotcore64/i18next-fetch-backend/compare/v6.0.0...v7.0.0)

---
updated-dependencies:
- dependency-name: i18next-fetch-backend
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-12 14:32:10 -05:00
rmartinc
e6fb3aa7df Use RawSqlStatement instead of RawParameterizedSqlStatement for Saml encryption update 
Closes #45107

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-12 17:06:17 +01:00
Pedro Igor
c33d94da65 Allow admins with any admin role to map roles if the constraints apply 
Closes #44371
Closes #45182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-12 12:56:30 -03:00
forkimenjeckayang
f9d20b84be
[OID4VCI]: Fix OID4VCI scope save to drop empty fields and apply defaults (#44874) 
closes #44846
closes #44807

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-12 15:53:17 +01:00
Pedro Igor
e979735a04 Handle fragment when accessing the admin console
Some checks failed
Weblate Sync / Trigger Weblate to pull the latest changes (push) Has been cancelled
Details 
Closes #45116

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-12 10:37:33 -03:00
Stan Silvert
eb77c055f5 Clarify documentation. 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:36:10 -03:00
Stan Silvert
411a087490 Fix permission on create realm dialog. 
Fixes #44783

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:36:10 -03:00
Stan Silvert
82b2c28c31 Allow view-users role to see Groups->Role Mapping tab. 
Fixes #45093

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:35:48 -03:00
Stefan Guilhen
e22016db7f Use dedicated error message when user is already linked to idp 
Closes #45322

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2026-01-12 10:32:01 -03:00
vramik
99a46155ca Flaky test: org.keycloak.testsuite.federation.ldap.LDAPGroupMapperTest#test06_addingUserToNewKeycloakGroup 
Closes #44283

Signed-off-by: vramik <vramik@redhat.com>
 2026-01-12 10:12:16 -03:00
Ryan Emerson
172aa86c6d
Increase the regularly tested load documented in HA guides 
Closes #45233

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-12 14:02:51 +01:00
Markus Dahm
2d9b216abe
Set inital status in context to avoid subsequent NPE 
Closes #45003

Signed-off-by: Markus Dahm <markus.dahm@spree.de>
 2026-01-12 11:49:12 +01:00
mposolda
1273c8db0e DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post 
closes #44403

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-12 09:54:04 +01:00
dependabot[bot]
2e05828f89
Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#45328) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](330a01c490...b7c566a772)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-11 17:27:00 +01:00
dependabot[bot]
314c75eb4c
Bump actions/download-artifact from 6.0.0 to 7.0.0 (#45329) 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](018cc2cf5b...37930b1c2a)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-11 17:26:30 +01:00
Rickard Ötvös
cbfd9eec6e
Add Swedish translation for admin messages
Some checks failed
Weblate Sync / Trigger Weblate to pull the latest changes (push) Has been cancelled
Details 
Adds messages_sv.properties to provide Swedish translations for all admin interface messages including password validation, LDAP errors, client URL validation, and error messages.

Closes #45281

Signed-off-by: Rickard Otvos <rickard.0413@gmail.com>
 2026-01-09 19:38:06 +01:00
Giuliano Mele
316f893d19 Remove unnecessary closing div in webauthn-authenticate template 
fix keycloak/keycloak#45307
 2026-01-09 19:04:20 +01:00
Ryan Emerson
f8b114bdd8
Add indexes to BROKER_LINK table 
Closes #45009

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-09 16:09:40 +00:00
Ricardo Martin
1aa1621eaa
Use MIME decoder instead of the default one to replace deprecated Base64 class 
Closes #45226

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-09 16:38:09 +01:00
Alexander Schwartz
83f31b1003
Reset a password only once 
Closes #37231

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2026-01-09 09:30:16 -03:00
Geremia Taglialatela
5a705c2e04
Fix label class in config-totp template 
The labels in `login-config-totp.ftl` were statically styled with a
`form-control` class instead of the intended dynamic `kcLabelClass `
property.

This caused incorrect styling in custom themes inheriting the base
theme.

Update the markup to use `kcLabelClass`, matching the rest of the theme
and ensuring consistent label styling.

Closes #45069

Signed-off-by: Geremia Taglialatela <tagliala.dev@gmail.com>
 2026-01-09 11:59:40 +01:00
Pedro Igor
34dda98a36
Update email when linking account when sync mode is FORCE 
Closes #44905

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-09 11:58:49 +01:00