KeyCloak/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-26 13:50:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
30,289 Commits 34 Branches 307 Tags
copilot/refactor-java-keystore-provider
Commit Graph

30289 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
copilot-swe-agent[bot] d1fc3f4680 perf: cache supported keystore types in CryptoProvider to avoid repeated reflection 
Co-authored-by: shawkins <2475669+shawkins@users.noreply.github.com>
 2026-02-28 16:06:17 +00:00
copilot-swe-agent[bot] df9499e77f Initial plan 2026-02-28 16:00:31 +00:00
Copilot 751b203de1 RFC 9440 cert lookup: truncate chain instead of throwing on length exceeded (#46652) 
* Fix Rfc9440 cert lookup to truncate chain instead of throwing exception when exceeding limit

closes: #46647

Co-authored-by: shawkins <2475669+shawkins@users.noreply.github.com>

* Change truncation log from warn to debug level

Co-authored-by: shawkins <2475669+shawkins@users.noreply.github.com>

* Validate certificateChainLength >= 0 in Rfc9440ClientCertificateLookupFactory.init

Co-authored-by: shawkins <2475669+shawkins@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: shawkins <2475669+shawkins@users.noreply.github.com>
 2026-02-28 14:12:16 +00:00
Martin dc124ccf11 Fix how the admin ui obtains its logo (#45734) 
* Fix how the admin ui obtains its logo

Signed-off-by: Martin McInnes (Rebura) <martin.j.mcinnes@gmail.com>

* Remove unrequired type.

Signed-off-by: Martin <martin.j.mcinnes@gmail.com>
Signed-off-by: Martin McInnes (Rebura) <martin.j.mcinnes@gmail.com>

* fix linting issue

Signed-off-by: Martin McInnes (Rebura) <martin.j.mcinnes@gmail.com>

---------

Signed-off-by: Martin McInnes (Rebura) <martin.j.mcinnes@gmail.com>
Signed-off-by: Martin <martin.j.mcinnes@gmail.com>
 2026-02-27 15:50:52 -05:00
Michal Vavřík 94560cb8e1 feat(admin-api-v2): automatically update openapi file used by JS client (#46472) 
* Closes: https://github.com/keycloak/keycloak/issues/46388

Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
 2026-02-27 17:24:15 +01:00
Pedro Ruivo 9430a3f928 Add CLI option for tx and migration timeout 
Closes #19453

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-02-27 16:11:18 +00:00
Stefan Guilhen 857b0e6925 Add support for filtering on SCIM endpoints 
Closes #46221

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2026-02-27 12:20:01 -03:00
Michal Vavřík d2dc582b1c Increase allowed additions to legacy testsuite to 100 lines (#46635) (#46563) 
Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Michal Vavřík <michal.vavrik@aol.com>
 2026-02-27 15:21:08 +01:00
rmartinc 9c6cf57410 Do not use offline sessions in the logout endpoint 
Closes #46379

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-02-27 09:59:27 -03:00
Thomas Darimont 2a7495b4f5 Allow specifying max allowed expiration of federated client assertion in the Identity Provider settings (#46629) 
* Add support to specify max expiration time for client assertions in Identity Provider settings (#46304, #46626, #46627)

We now support the configuration of max client assertion expiration time for the following providers:
- OIDC Identity Provider
- SPIFFE Identity Provider
- Kubernetes Identity Provider

Added testFederatedClientAssertionMaxExpiration test.
Added UI test for saving and retrieving fedClientAssertionMaxExp for Kubernetes Identity Provider.

Fixes #46304 (SPIFFE)
Fixes #46626 (Kubernetes)
Fixes #46627 (OIDC)

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

* Move client auth tests to AbstractBaseClientAuthTest

This allows testing base, Kubernetes and Spiffe implementations.

Fixes #46630

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

---------

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2026-02-27 07:05:10 +00:00
Lukas Hanusovsky 4c656097a8 Keycloak Test Framework - tests testing framework (#46610) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2026-02-27 06:29:18 +01:00
Steven Hawkins 6b153aeb44 fix: exposing more property names (#46615) 
closes: #46569

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-02-26 17:52:59 -05:00
Erik Jan de Wit d39dc010a3 use the kiota-gen instead of generate script 
fixes: #46644

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
 2026-02-26 16:54:47 +01:00
Alexander Schwartz f2cfe159c4 Avoid having N+1 database calls when fetching composite roles 
Closes #46605

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2026-02-26 15:31:17 +00:00
Lukas Hanusovsky accf95cfd9 Keycloak Test Framework - 26.6.0 release notes (#46611) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2026-02-26 14:08:57 +01:00
Martin Kanis b7bef85f91 Organization Groups - Identity Provider Mappers (#46592) 
Closes #45512

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2026-02-26 13:44:12 +01:00
Stian Thorgersen 8705ad3c56 Increase allowed additions to legacy testsuite to 100 lines (#46635) 
Signed-off-by: stianst <stianst@gmail.com>
 2026-02-26 12:40:46 +01:00
Vlasta Ramik 3905186f89 REST API doesn't allow moving org group to root (#46559) 
Closes #46455

Signed-off-by: vramik <vramik@redhat.com>
 2026-02-26 12:30:17 +01:00
Vlasta Ramik 1b2d8404ce NPE when finding an org group by path when Organization feature disabled (#46576) 
Closes #46571

Signed-off-by: vramik <vramik@redhat.com>
 2026-02-26 12:30:08 +01:00
Stian Thorgersen d72217def5 Add a script to list all tests for a legacy testsuite (#46621) 
Closes #46619

Signed-off-by: stianst <stianst@gmail.com>
 2026-02-26 12:24:44 +01:00
Thomas Diesler 8cfef9443d [OID4VCI] Add support for CredentialScopeRepresentation 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-26 09:06:15 +01:00
Marie Daly 193a423571 invalid_grant errors now return HTTP 400 (#46528) 
Closes #45812


Signed-off-by: Marie Daly <marie.daly1@ibm.com>
Signed-off-by: Marie Daly <mdaly@redhat.com>
Co-authored-by: Ricardo Martin <rmartinc@redhat.com>
 2026-02-25 18:03:36 +01:00
Erik Jan de Wit 391b8b0774 Add v2 admin event support to Client Admin API (#46124) 
* Add v2 admin event support to Client Admin API

Introduce AdminEventV2Builder to fire admin events with apiVersion=v2
detail marker, allowing consumers to distinguish v2 API events from v1.

- Add AdminEventV2Builder class for creating v2 admin events
- Modify DefaultClientService to fire v2 events on client create/update
- Pass AdminAuth through API chain for proper event authentication context
- Add tests verifying v2 events contain correct operation type and format

Closes #46123

Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* added github comments

Extended AdminEventBuilder, now accepts AdimPermissionEvaluator instead
of AdminAuth

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Refactor admin builder v2, mask sensitive info, improve tests

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Apply suggestions from code review

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Apply suggestion from @mabartos

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed imports

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* fixed merge error

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Polish constructors, disable events by default

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Public visibility for detail key, add test case for PATCH

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2026-02-25 17:47:30 +01:00
Thomas Diesler 44897a58b7 Deprecation check rejects changes to packages containing testsuite (#46586) 
* Deprecation check rejects changes to packages containing `testsuite`

Signed-off-by: Thomas Diesler <tdiesler@ibm.com>

* Apply suggestion from @stianst

Signed-off-by: Stian Thorgersen <stianst@gmail.com>

---------

Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2026-02-25 10:03:58 +01:00
Stian Thorgersen d0dc412703 Fix testsuite deprecation check when event is not pull_request (#46584) 
Signed-off-by: stianst <stianst@gmail.com>
 2026-02-25 09:51:19 +01:00
Šimon Vacek c072bacf5e Add docs for framework hot deployment & fix (#46568) 
Closes: #46552

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2026-02-25 08:04:41 +01:00
Giuseppe Graziano ebfc294c85 Executor for client uris pattern validation (#46300) 
Closes #45645

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-02-24 16:26:00 +01:00
Steven Hawkins 40f39f0edc fix: adding server not ready to the status (#46143) 
closes: #45802

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2026-02-24 16:03:53 +01:00
Ruchika Jha 9ec61bfb52 Added the shutdown delay and shutdown timeout for the testcases to default options 
Closes #46337

Signed-off-by: Ruchika <ruchika.jha1@ibm.com>
 2026-02-24 14:47:04 +01:00
Vlasta Ramik 46f648dc95 Ability to retrive subgroups count for organization groups (#46534) 
Closes #46445

Signed-off-by: vramik <vramik@redhat.com>
 2026-02-24 14:26:49 +01:00
vramik 4beaaf2ab4 Expose organization group membership for a member 
Closes #46454

Signed-off-by: vramik <vramik@redhat.com>
 2026-02-24 09:02:53 -03:00
Davit Harutyunyan 4808e9e13a Add Armenian (hy) locale support with initial translations (#46548) 
Register the Armenian locale across all theme types (login, account,
admin, email) and add initial message bundles seeded from English
sources. Armenian translations will follow via Weblate.

Signed-off-by: Davit <davit.ah@users.noreply.github.com>
Signed-off-by: davit.harutyunyan <davit.harutyunyan@aerodynamics.am>
Signed-off-by: Davit Harutyunyan <h_davit@yahoo.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-24 12:01:39 +01:00
Lukas Hanusovsky cbfcd07c62 [Test Framework] Fix of AdminClientSupplier for ManagedRealm. (#46287) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2026-02-24 10:48:27 +00:00
Ricardo Martin e7ac4ef3f7 Move test class for persistent CIMD to the new test-suite 
Closes #46438

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-02-24 11:40:26 +01:00
Lukas Hanusovsky 619a5a0e63 GH actions for ci.yaml workflow - testsuite deprecation check. (#46351) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2026-02-24 11:23:43 +01:00
Martin Bartoš ff5c13f05c [client-v2] Create tests to check FGAP (#46474) 
Closes #46209

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-02-24 09:01:52 +01:00
Yike Gao 8453022d09 Fix replyTo and from address are not validated 
fixed typo and added method for checking replyTo 

Closes #46192

Signed-off-by: Yike Gao <yikegao8@gmail.com>
 2026-02-23 22:23:15 +01:00
Ricardo Martin 2bd386842a Step up authentication for saml - preview (#44185) 
Closes #10155


Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-02-23 19:57:00 +01:00
Pedro Igor 3e3a7befd1 Initial code for SCIM core and testsuite (#45978) 
Closes #45712

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-02-23 18:22:25 +01:00
Alexander Schwartz 27da1c6d0f Adding the Indonesian translation 
Closes #46430

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-02-23 14:13:21 -03:00
Pedro Ruivo be175346cd Aggregate client-id field for improved Infinispan query 
Closes #46471

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-02-23 16:43:23 +01:00
Alexander Schwartz 82c1d0d35e Renaming the SRE team 
Closes #46526

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-02-23 13:04:27 +01:00
Takashi Norimatsu 3892b9b5f1 Persistent CIMD (#45285) 
closes #45284


Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2026-02-23 12:47:35 +01:00
Steven Hawkins 99ed9d9c1d fix: correcting the logic for show-config to remove null values (#46498) 
closes: #46493

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-02-23 11:06:13 +01:00
Thomas Diesler 54189f8094 [OID4VCI] Revisit and fix /credential_offer_uri endpoint (#46199) 
closes #45005


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-23 10:10:58 +01:00
Awambeng f55a41952f [OID4VCI]: Normalize hash algorithm names to lowercase (#46449) 
Closes #45446


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2026-02-23 08:16:54 +01:00
Marie Daly 3bdf058578 Added delay to flaky test AttackDetectionResourceTest (#46490) 
closes #45986


Signed-off-by: Marie Daly <marie.daly1@ibm.com>
 2026-02-23 08:14:30 +01:00
Šimon Vacek 46b1899178 Hot deploy custom providers from module to test server (#45556) 
* Hot deploy provider module

Closes #34188

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* fix for external projects and add deployCurrentProject

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* address review comments

Signed-off-by: Simon Vacek <simonvacky@email.cz>

* improve dependency compatibility check

Signed-off-by: Simon Vacek <simonvacky@email.cz>

---------

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2026-02-23 08:01:03 +01:00
Steven Hawkins f9373a247c fix: allowing targetServerType to always be used (#46497) 
closes: #46459

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2026-02-20 14:37:25 -05:00
Steven Hawkins 1ce2447b72 fix: adding a check for the client api v2 feature (#46103) 2026-02-20 20:32:49 +01:00