Commit graph

504 commits

Author SHA1 Message Date
Lukas Hanusovsky
8864cdcb5e
Migration Tool - Adding RunOnServer rewrite. (#47506)
* Migration Tool - Adding RunOnServer rewrite.

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Add RunOnServerRewrite to MigrateTest, and changed field name to runOnServer

Signed-off-by: stianst <stianst@gmail.com>

# Conflicts:
#	tests/migration-util/src/main/java/org/keycloak/test/migration/MigrateTest.java

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
2026-03-27 09:22:19 +01:00
Lukas Hanusovsky
4c9538442f
Migration Tool - Adding WebDriver and Pages rewrite. (#47504)
* Migration Tool - Adding WebDriver and Pages rewrite.

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Update MigrateTest

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2026-03-27 09:13:54 +01:00
Lukas Hanusovsky
b9f081d0af
Migration Tool - Adding OAuthClient rewrite. (#47505)
* Migration Tool - Adding OAuthClient rewrite.

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Add OAuthClientRewrite to MigrateTest

Signed-off-by: stianst <stianst@gmail.com>

# Conflicts:
#	tests/migration-util/src/main/java/org/keycloak/test/migration/MigrateTest.java

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Co-authored-by: stianst <stianst@gmail.com>
2026-03-27 09:06:51 +01:00
Lukas Hanusovsky
d5c7b8ce93
Migration Tool - Adding After annotation rewrite. (#47503)
* Migration Tool - Adding After annotation rewrite.

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Add AfterRewrite to MigrateTest

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2026-03-27 08:59:07 +01:00
Simon Levermann
f4225b4f9b
Introduce traceId to freemarker attributes
Closes #44090
Closes #34435

Signed-off-by: Simon Levermann <github@simon.slevermann.de>
2026-03-26 17:42:32 +01:00
Stian Thorgersen
af942df712
Verify resource indicator syntax in authz and token endpoint (#47438)
Closes #47116, closes #47119

Signed-off-by: stianst <stianst@gmail.com>
2026-03-26 10:35:17 +01:00
Alexey Skosyrskiy
56cdb6b8ef Optimize composite client role mappings endpoint and migrate test
Pre-compute the full effective role set once in
ClientRoleMappingsResource.getCompositeClientRoleMappings() using
RoleUtils.getDeepRoleMappings(), then filter by client. This replaces
the previous O(C*M*D) approach of calling user.hasRole() for every
client role, which recursively expanded composites without memoization.

RoleUtils.getDeepRoleMappings(RoleMapperModel) is introduced to handle
both RoleMapperModel implementations correctly: UserModel includes
group-inherited roles (matching UserModel.hasRole() semantics), while
GroupModel expands only its direct composite mappings.

The CompositeClientRoleMappingsTest is migrated from the deprecated
Arquillian framework to the new Keycloak test framework (JUnit 5).

Signed-off-by: Alexey Skosyrskiy <askosyrskiy@metropolis.io>
2026-03-25 17:24:16 -03:00
Stefan Guilhen
1b9f0e7db1 Switch workflows feature to supported
Closes #46987

Signed-off-by: kvfi <mail@ouafi.net>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-03-25 17:05:32 -03:00
Ingrid Kamga
df92e7aac8
[OID4VCI] Generate pre-authorized codes using the JWT format (#46450)
Closes #45231


Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Signed-off-by: Ingrid Kamga <xingridkamga@gmail.com>
2026-03-25 19:35:13 +01:00
Stian Thorgersen
9fbd26d363
Migrate events package to test framework (#47403)
Closes #47401

Signed-off-by: stianst <stianst@gmail.com>
2026-03-25 14:35:54 +01:00
forkimenjeckayang
931d232fa2
[OID4VCI] Migrate OID4VCAuthorizationDetailsFlowTestBase and subclasses to new testsuite (#47287)
closes #46597



Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: Thomas Diesler <tdiesler@proton.me>
Co-authored-by: Thomas Diesler <tdiesler@proton.me>
2026-03-25 10:31:52 +01:00
jimmychakkalakal
e46a33adcf
Migrate WebAuthnTransportLocaleTest to new framework (#47312)
Closes #46503


Signed-off-by: Jimmy Chakkalakal <jimmy.chakkalakal@ibm.com>
2026-03-25 09:06:53 +01:00
Hager Khamis
13897b9b32
Adding getResourcesCommonUrl() to UrlBean (#47113)
I added getResourcesCommonUrl() following the same URL/Path pattern already used by getResourcesUrl() and getResourcesPath(). Email clients can't resolve relative paths so the existing getResourcesCommonPath() wasn't enough for email templates.

I also pulled out the common-path lookup into a private getCommonPath() helper to avoid duplicating it between getResourcesCommonPath() and the new method. Updated the theme docs with a usage example and a note about absolute URLs in emails.

Closes #33198

Signed-off-by: Hager Khamis <hagerm98@hotmail.com>
2026-03-25 07:45:52 +00:00
rmartinc
e9b27d04f5 Add option to store tokens in session for Identity Providers
Closes #47185

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-03-24 19:22:43 +01:00
Giuseppe Graziano
865edcea36 Client policies for identity brokering api
Closes #46585

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-03-24 19:00:51 +01:00
vramik
8afd4be55a Reject invalid resource IDs in permission creation
Closes #40921

Signed-off-by: vramik <vramik@redhat.com>
2026-03-24 14:40:24 -03:00
Stefan Guilhen
71385f2df3 Don't auto-disable workflows in case of errors thrown by condition and step providers
- also prevent exceptions in these cases from rolling back the entire transaction

Closes #47232

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-03-24 08:55:28 -03:00
Stefan Guilhen
e03f2cee53 Only start workflow schedule task runner for enabled workflows
Closes #47227

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-03-24 08:51:24 -03:00
Thomas Diesler
d38ee4c110 [OID4VCI] Migrate preauth offer tests to separate package
Signed-off-by: Thomas Diesler <tdiesler@proton.me>
2026-03-24 09:11:04 +01:00
rmartinc
fa79f27415 Change identity brokering API V2 to only allow confidential clients
Closes #47256

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-03-23 14:40:41 +01:00
forkimenjeckayang
6e2ee6659e
Migrate OID4VCKeyAttestationTest to the new testsuite (#47289)
closes #46599

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-03-23 10:29:52 +01:00
Giuseppe Graziano
b6b008c811 [OID4VCI] Improve signing key selection
Closes #45385

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-03-23 10:26:45 +01:00
Stian Thorgersen
5179433eee
Introduce new mechanism for selecting tests for database testsuite (#47308)
Closes #47307

Signed-off-by: stianst <stianst@gmail.com>
2026-03-23 07:23:37 +01:00
Thomas Diesler
53e7bdf1fe
[OID4VCI] Secure-by-Default and Default Disablement of Pre-Authorized… (#47270)
closes #46396


Signed-off-by: Thomas Diesler <tdiesler@proton.me>
2026-03-20 17:30:29 +01:00
Ricardo Martin
b93695eb90
Add versioning to identity brokering api feature (#47281)
Closes #47254

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-03-20 16:55:56 +01:00
Thomas Diesler
fc7f56f6a3 [OID4VCI] Migrate OID4VCJWTIssuerEndpointTest (cleanup)
Signed-off-by: Thomas Diesler <tdiesler@proton.me>
2026-03-19 16:19:54 +01:00
Lukas Hanusovsky
bcd1dafba7
New Tests - updated documentation (#47231)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2026-03-19 13:51:15 +01:00
mposolda
302ff9f7c2 [OID4VCI] Small inconsistencies in some events
closes #47203

Signed-off-by: mposolda <mposolda@gmail.com>
2026-03-18 18:46:48 +01:00
Stian Thorgersen
b61b26038e
Add check for missing test packages in base testsuite and add missing packages
Signed-off-by: stianst <stianst@gmail.com>
2026-03-18 15:02:54 +00:00
Stian Thorgersen
f4b701869a
Check refresh request resource param matches original resource param. (#47258)
Includes some NPE fixes (no client attribute) and refactors handling of verifying authz request resource param matching token request resource param.

Closes #47180

Signed-off-by: stianst <stianst@gmail.com>
2026-03-18 15:36:57 +01:00
Giuseppe Graziano
ffede3925e Run oid4c package in Base2TestSuite
Closes #47226

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-03-18 13:23:28 +01:00
Peter Skopek
d11136f671 Separate password and OTP brute force protection to prevent OTP bypass attacks by default
Closes #46164

Signed-off-by: Peter Skopek <peter.skopek@ibm.com>

Update model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/changes/remote/updater/loginfailures/LoginFailuresUpdater.java

Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>

Add recovery codes to the list of brute force checked authenticators.

Closes #46164
Signed-off-by: Peter Skopek <peter.skopek@ibm.com>
2026-03-17 18:57:37 +01:00
Ricardo Martin
3c7582f318
Broker token API for saml (#47087)
Closes #46589


Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-03-17 18:29:48 +01:00
Stian Thorgersen
c635cdf2d7
Migrate LoginTimeoutValidationTest (#47206)
Signed-off-by: stianst <stianst@gmail.com>
2026-03-17 15:21:23 +01:00
Awambeng
3add23020b
[OID4VCI]: Migrate NonceEndpointTest to the new test suite (#47186)
Closes #46598


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-03-17 12:16:08 +01:00
Stian Thorgersen
ca2bc8bd69
Initial experimental support for Resource Indicators (#46763)
* Initial experimental support for Resource Indicators

Closes #47040

Signed-off-by: stianst <stianst@gmail.com>

# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
#	tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java

* Rename TokenInterceptor to TokenPostProcessor

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
2026-03-17 08:45:56 +01:00
Marek Posolda
c4a630da6d
[OID4VCI] User self-issued credential: Issuance initiated from web po… (#46327)
closes #46196

Signed-off-by: mposolda <mposolda@gmail.com>
2026-03-17 08:41:16 +01:00
Stian Thorgersen
607096fd4e
Promote federated client authentication, including OIDC and Kube to fully supported
Closes #42634, closes #42635, closes #42826, closes #44412

Signed-off-by: stianst <stianst@gmail.com>
2026-03-17 05:15:13 +01:00
Giuseppe Graziano
5db69aec7d [OID4VCI] Migrate OID4VCJWTIssuerEndpointTest
Closes #46925

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-03-16 17:44:31 +01:00
Lukas Hanusovsky
e351d5949b
Test Framework - support for multiple WebDriver instances. (#46982)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2026-03-16 11:54:19 +00:00
Giuseppe Graziano
238ddd331e Client config for external tokens
Closes #46583

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-03-13 14:49:42 +01:00
Thomas Diesler
102e3c3228
[OID4VCI] Add CredentialOfferProvider as single entry for offer creation - Part5 (#46951)
closes #47151


Signed-off-by: Thomas Diesler <tdiesler@proton.me>
2026-03-13 14:42:20 +01:00
Thomas Diesler
6efb394398
[OID4VCI] Add support for authorization_code grant - Part4 (#46950)
closes #47100


Signed-off-by: Thomas Diesler <tdiesler@proton.me>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2026-03-12 16:09:42 +01:00
Pedro Igor
f61822f15f
Brief user representation should not return attributes
Closes #46296

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-03-12 14:07:41 +01:00
Lukas Hanusovsky
e28d705a44
Updating remaining incorrect events assertions to follow the new test framework. (#46913)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2026-03-12 09:41:11 +01:00
Pedro Igor
215bc1e272
Do not return managed attribute as unmanaged if admin has no view permission
Closes #46922

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-03-11 11:44:09 +01:00
Giuseppe Graziano
92c9faca67
Persist federated token in user session (#46803)
Closes #46574

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-03-10 15:06:40 +01:00
Marie Daly
a7012a6798 Refactored test for new test framework - closes #46461
Signed-off-by: Marie Daly <marie.daly1@ibm.com>
2026-03-10 12:32:06 +01:00
vramik
b7a9ee7105 Inconsistent search when using wildcards
Closes #44678

Signed-off-by: vramik <vramik@redhat.com>
2026-03-10 08:26:15 -03:00
rmartinc
db7d9bfc8c Promote JWT Authorization Grant feature to supported
Closes #45463

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-03-10 09:13:44 +01:00