Ryan Emerson
00c0dee3c4
Display JavaScript policy description and code in admin UI
...
Closes #47452
Signed-off-by: Ryan Emerson <remerson@ibm.com>
2026-04-02 12:37:56 -03:00
Laurids Møller Jepsen
3e3191d60c
Enable use of kc_idp_hint in Pushed Authorization Requests.
...
The client can select which Identity Provider to use for user authentication by including an Identity Provider alias in a "kc_idp_hint" parameter in a Pushed Authorization Request.
Closes #47229
Signed-off-by: Laurids Møller Jepsen <laurids.jepsen@cryptomathic.com>
2026-04-01 09:32:46 +02:00
Peter Skopek
d11136f671
Separate password and OTP brute force protection to prevent OTP bypass attacks by default
...
Closes #46164
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
Update model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/remote/updater/loginfailures/LoginFailuresUpdater.java
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
Add recovery codes to the list of brute force checked authenticators.
Closes #46164
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
2026-03-17 18:57:37 +01:00
Stian Thorgersen
ca2bc8bd69
Initial experimental support for Resource Indicators ( #46763 )
...
* Initial experimental support for Resource Indicators
Closes #47040
Signed-off-by: stianst <stianst@gmail.com>
# Conflicts:
# services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
# tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java
* Rename TokenInterceptor to TokenPostProcessor
Signed-off-by: stianst <stianst@gmail.com>
---------
Signed-off-by: stianst <stianst@gmail.com>
2026-03-17 08:45:56 +01:00
Marek Posolda
c4a630da6d
[OID4VCI] User self-issued credential: Issuance initiated from web po… ( #46327 )
...
closes #46196
Signed-off-by: mposolda <mposolda@gmail.com>
2026-03-17 08:41:16 +01:00
Thomas Diesler
6efb394398
[OID4VCI] Add support for authorization_code grant - Part4 ( #46950 )
...
closes #47100
Signed-off-by: Thomas Diesler <tdiesler@proton.me>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2026-03-12 16:09:42 +01:00
Pedro Igor
63bf73362b
Enforcing expiration and issued for claims when validating ID tokens as claim tokens
...
Closes #46717
Closes #46716
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-03-09 21:18:31 +01:00
rmartinc
c47884111d
Use AESGCM for encrypting the restart cookie with kid
...
Closes #46350
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-03-05 14:47:48 +01:00
Pedro Igor
884e46d125
Enable and disable SCIM API to a realm through the administration console
...
Closes #46755
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-03-03 10:16:30 +01:00
Pedro Igor
3e3a7befd1
Initial code for SCIM core and testsuite ( #45978 )
...
Closes #45712
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-02-23 18:22:25 +01:00
Takashi Norimatsu
3892b9b5f1
Persistent CIMD ( #45285 )
...
closes #45284
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2026-02-23 12:47:35 +01:00
Awambeng
f55a41952f
[OID4VCI]: Normalize hash algorithm names to lowercase ( #46449 )
...
Closes #45446
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-02-23 08:16:54 +01:00
forkimenjeckayang
2d3258a209
[OID4VCI] Disable ldp_vc format and providers to focus on JWT VC and SD-JWT VC ( #46485 )
...
closes #44875
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-02-20 09:50:48 +01:00
Thomas Diesler
613e55d733
[OID4VCI] Confine test realm setup to TestCase.configureTestRealm()
...
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-19 16:20:45 +01:00
Thomas Darimont
ddc79039ed
Improve SimpleHttp API ( #46171 )
...
* Improve SimpleHttp API
- Expose configured HTTP method from SimpleHttpRequest
- Use same ObjectMapper configuration as in JsonSerialization used by the deprecated SimpleHTTP
- Allow configuring the ObjectMapper used by SimpleHttp
- Expose ObjectMapper factory methods in JsonSerialization
Fixes #43701
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
* Revise ObjectMapper creation methods in JsonSerialization
Replace usage of deprecated method
```
mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
```
with supported variant.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
* Use JsonSerialization.mapper directly in SimpleHttp
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
---------
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2026-02-18 06:56:11 +01:00
Thomas Diesler
d2150a19d5
[OID4VCI] Make natural_person configuration available in all formats
...
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-13 15:30:55 +01:00
Thomas Diesler
44e7cf2da9
[OID4VCI] Simplify OID4VCAuthorizationDetail handling
...
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-12 17:09:07 +01:00
Thomas Diesler
de0ae92ebe
[OID4VCI] Wrong typ value for SD-JWT VC
...
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-02-11 08:28:07 +01:00
Benjamin DeWeese
67bbdf3dd2
Added theme descriptions in the Admin UI
...
Closes #45909
Signed-off-by: Benjamin DeWeese <bdeweesevans@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-02-10 21:42:09 +00:00
rmartinc
e30bb37443
Mark Token Exchange v1 as deprecated but in preview
...
Closes #45791
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-05 09:16:44 +01:00
Stefan Guilhen
6e408dd7bc
Introduce WorkflowEventSpi
...
- supports custom event handling beyond the built-in workflow capabilities.
Closes #43916
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-02 11:18:27 -03:00
rmartinc
d4e9b16ea9
Include version in system-info for manage-realm and restrict view-system mapping
...
Closes #45776
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-02 12:40:57 +01:00
Thomas Diesler
c08ed20f78
[OID4VCI] Add support for user did as subject id ( #45008 )
...
closes #45006
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-01-30 17:29:47 +01:00
Stefan Guilhen
c13a1772f8
Adds ability to migrate scheduled workflow resources from one step to another step in the same or different workflow
...
Closes #45174
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-27 13:46:18 -03:00
mposolda
e414050524
Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors
...
closes #45706
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 17:21:45 +01:00
mposolda
76c4263db9
Polishing based on PR review. Fix flaky tests
...
closes #44961
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
mposolda
416a6017c2
Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes
...
closes #44961
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
Alexander Schwartz
e278a2f6fd
Changing default clock skew for not-issued-before to 10 seconds
...
Closes #45620
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2026-01-22 19:11:10 +01:00
vramik
111ba36504
Organization Groups Core Backend & API
...
Closes #45562
Signed-off-by: vramik <vramik@redhat.com>
2026-01-22 09:39:24 -03:00
Hathoute
ea2083ed2c
Support for clients in workflows
...
Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-21 11:20:30 -03:00
Thomas Diesler
d8b74e77ab
OID4VCI credentials have invalid subject id value ( #45004 )
...
closes #43854
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2026-01-15 12:28:30 +01:00
Giuseppe Graziano
db1f75a1cf
Fix duplicate address claim in IDToken ( #45423 )
...
Closes #45250
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-15 08:48:31 +01:00
Stefan Guilhen
75b0a8aa2a
When fetching scheduled workflows, return all steps with status completed/pending
...
Closes #45212
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-13 14:34:13 +01:00
Ricardo Martin
1aa1621eaa
Use MIME decoder instead of the default one to replace deprecated Base64 class
...
Closes #45226
Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-09 16:38:09 +01:00
mposolda
29c15d8e8a
Creating IdentityProvider with latest java admin-client may fail against Keycloak server 26.4 or older
...
closes #45257
Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-08 13:40:03 +01:00
Pascal Knüppel
dceee1c1fb
Fix NullPointer in JWSHeader with x5c header ( #45161 )
...
fixes #45160
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
2026-01-07 08:35:22 +01:00
Pedro Igor
0d5766f3a8
Allow running scheduled workflows
...
Closes #44865
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-05 13:03:47 -03:00
Stefan Guilhen
66f3868ccf
Suppress the step's priority in the returned workflow JSON/YAML
...
Closes #45075
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-29 10:26:21 -03:00
mposolda
08e96435c8
DefaultCryptoSdJwsTest.shouldValidateAgeSinceIssued_IfJwtIsTooOld() sometimes fails in CI
...
closes #44971
Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-18 10:59:34 +01:00
Marek Posolda
92314bccc6
More capabilities in SdJwtVP API when creating presentations ( #44977 )
...
closes #44976
Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-18 10:58:55 +01:00
forkimenjeckayang
ca617d9711
[OID4VCI]: Use Keycloak time utility for OID4VC related timestamps ( #44871 )
...
Closes : #44235
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-17 14:58:01 +01:00
Awambeng Rodrick
a1bffa3ddc
Add spec-compliant jwt vc issuer well-known endpoint
...
- expose /.well-known/jwt-vc-issuer/realms/{realm} and keep legacy route with deprecation headers
- build consumer metadata URL per draft-ietf-oauth-sd-jwt-vc-13 and add realm-path coverage
- add integration test for new path plus deprecation headers on legacy endpoint
Closes #44256
Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
Signed-off-by: Awambeng <awambengrodrick@gmail.com>
2025-12-16 13:46:06 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint ( #44471 )
...
fixes #43801
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
2025-12-05 16:00:32 +01:00
Stefan Guilhen
b14d00e08f
Improve workflow concurrency settings
...
- allow restarting based on events
- allow cancelling based on events
Closes #44645
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-05 11:28:18 -03:00
Steve Hawkins
25186278fc
fix: consolidating config logic
...
closes : #42000
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-12-04 14:25:56 -03:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes ( #44439 )
...
closes #44659
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-04 09:03:38 +01:00
Stefan Guilhen
65ab7f541d
Add API method that fetches the scheduled workflow steps for a resource
...
Closes #43660
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-03 11:09:55 -03:00
Ricardo Martin
f91363d12d
Improve Public Key Management for JWTAuthorizationGrant identity provider
...
Closes #44243
Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-12-03 11:45:34 +01:00
mposolda
9c6a6276e4
Polishing of sd-jwt SDK builder related methods
...
closes #44532
Signed-off-by: mposolda <mposolda@gmail.com>
2025-12-03 11:09:08 +01:00
Pascal Knüppel
9b870d3d8a
Fix ClassCastException on mixing AddressMapper with ClaimsMapper ( #44457 )
...
closes #44455
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
2025-12-01 14:55:44 +01:00