Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: keycloak/keycloak
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 25.0.1
Choose a base ref
...
head repository: keycloak/keycloak
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 25.0.2
Choose a head ref
28 contributors
Loading
Showing with 1,034 additions and 437 deletions.
  1. +1 −1 .github/workflows/ci.yml
  2. +1 −1 adapters/oidc/js/pom.xml
  3. +1 −1 adapters/oidc/pom.xml
  4. +1 −1 adapters/pom.xml
  5. +1 −1 adapters/saml/core-jakarta/pom.xml
  6. +1 −1 adapters/saml/core-public/pom.xml
  7. +1 −1 adapters/saml/core/pom.xml
  8. +1 −1 adapters/saml/pom.xml
  9. +1 −1 adapters/saml/undertow/pom.xml
  10. +1 −1 adapters/saml/wildfly-elytron-jakarta/pom.xml
  11. +1 −1 adapters/saml/wildfly-elytron/pom.xml
  12. +1 −1 adapters/saml/wildfly/pom.xml
  13. +1 −1 adapters/saml/wildfly/wildfly-jakarta-subsystem/pom.xml
  14. +1 −1 adapters/saml/wildfly/wildfly-subsystem/pom.xml
  15. +1 −1 adapters/spi/adapter-spi/pom.xml
  16. +1 −1 adapters/spi/jboss-adapter-core/pom.xml
  17. +1 −1 adapters/spi/pom.xml
  18. +1 −1 adapters/spi/undertow-adapter-spi/pom.xml
  19. +1 −1 authz/client/pom.xml
  20. +1 −1 authz/policy-enforcer/pom.xml
  21. +1 −1 authz/policy/common/pom.xml
  22. +24 −4 ...licy/common/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProvider.java
  23. +1 −1 authz/policy/pom.xml
  24. +1 −1 authz/pom.xml
  25. +1 −1 boms/adapter/pom.xml
  26. +1 −1 boms/misc/pom.xml
  27. +1 −1 boms/pom.xml
  28. +1 −1 boms/spi/pom.xml
  29. +1 −1 common/pom.xml
  30. +1 −1 core/pom.xml
  31. +2 −2 core/src/main/java/org/keycloak/representations/IDToken.java
  32. +7 −0 core/src/main/java/org/keycloak/representations/RefreshToken.java
  33. +1 −1 crypto/default/pom.xml
  34. +1 −1 crypto/elytron/pom.xml
  35. +1 −1 crypto/fips1402/pom.xml
  36. +1 −1 crypto/pom.xml
  37. +1 −1 dependencies/pom.xml
  38. +1 −1 dependencies/server-all/pom.xml
  39. +1 −1 dependencies/server-min/pom.xml
  40. +1 −1 distribution/api-docs-dist/pom.xml
  41. +1 −1 distribution/downloads/pom.xml
  42. +1 −1 distribution/feature-packs/adapter-feature-pack/pom.xml
  43. +1 −1 distribution/feature-packs/pom.xml
  44. +1 −1 distribution/galleon-feature-packs/pom.xml
  45. +1 −1 distribution/galleon-feature-packs/saml-adapter-galleon-pack-layer-metadata-tests/pom.xml
  46. +1 −1 distribution/galleon-feature-packs/saml-adapter-galleon-pack/pom.xml
  47. +1 −1 distribution/licenses-common/pom.xml
  48. +1 −1 distribution/maven-plugins/licenses-processor/pom.xml
  49. +1 −1 distribution/maven-plugins/pom.xml
  50. +1 −1 distribution/pom.xml
  51. +1 −1 distribution/saml-adapters/pom.xml
  52. +1 −1 distribution/saml-adapters/wildfly-adapter/pom.xml
  53. +1 −1 distribution/saml-adapters/wildfly-adapter/wildfly-adapter-jakarta-zip/pom.xml
  54. +1 −1 distribution/saml-adapters/wildfly-adapter/wildfly-adapter-zip/pom.xml
  55. +1 −1 distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/pom.xml
  56. +1 −1 distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml
  57. +1 −1 docs/documentation/aggregation/pom.xml
  58. +1 −1 docs/documentation/api_documentation/pom.xml
  59. +0 −2 docs/documentation/api_documentation/topics/overview.adoc
  60. +1 −1 docs/documentation/authorization_services/pom.xml
  61. +1 −1 docs/documentation/dist/pom.xml
  62. +2 −2 docs/documentation/header-maven-plugin/pom.xml
  63. +2 −2 docs/documentation/pom.xml
  64. +1 −1 docs/documentation/release_notes/pom.xml
  65. +1 −1 docs/documentation/securing_apps/pom.xml
  66. +1 −1 docs/documentation/securing_apps/topics/saml/java/logout.adoc
  67. +1 −1 docs/documentation/server_admin/pom.xml
  68. +2 −2 docs/documentation/server_admin/topics/authentication/kerberos.adoc
  69. +1 −1 docs/documentation/server_admin/topics/clients/con-client-scopes.adoc
  70. +2 −2 docs/documentation/server_admin/topics/user-federation/sssd.adoc
  71. +2 −2 docs/documentation/server_admin/topics/users/proc-enabling-recaptcha.adoc
  72. +1 −1 docs/documentation/server_development/pom.xml
  73. +1 −1 docs/documentation/tests/pom.xml
  74. +4 −4 docs/documentation/topics/templates/document-attributes.adoc
  75. +0 −7 docs/documentation/topics/templates/making-open-source-more-inclusive.adoc
  76. +1 −1 docs/documentation/upgrading/pom.xml
  77. +5 −0 docs/documentation/upgrading/topics/changes/changes-25_0_2.adoc
  78. +5 −1 docs/documentation/upgrading/topics/changes/changes.adoc
  79. +3 −2 docs/guides/high-availability/concepts-threads.adoc
  80. +8 −4 docs/guides/operator/advanced-configuration.adoc
  81. +4 −4 docs/guides/operator/customizing-keycloak.adoc
  82. +1 −1 docs/guides/pom.xml
  83. +5 −5 docs/guides/server/caching.adoc
  84. +9 −1 docs/guides/server/configuration-production.adoc
  85. +3 −3 docs/guides/server/containers.adoc
  86. +4 −0 docs/guides/server/enabletls.adoc
  87. +0 −5 docs/guides/server/features.adoc
  88. +3 −1 docs/guides/server/hostname.adoc
  89. +3 −3 docs/guides/server/management-interface.adoc
  90. +7 −25 docs/guides/server/reverseproxy.adoc
  91. +1 −1 docs/maven-plugin/pom.xml
  92. +1 −1 docs/pom.xml
  93. +1 −1 federation/kerberos/pom.xml
  94. +1 −1 federation/ldap/pom.xml
  95. +26 −3 federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java
  96. +6 −4 ...ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/group/GroupLDAPStorageMapper.java
  97. +1 −1 federation/pom.xml
  98. +1 −1 federation/sssd/pom.xml
  99. +1 −1 integration/admin-client-jee/pom.xml
  100. +1 −1 integration/admin-client/pom.xml
  101. +1 −1 integration/client-cli/admin-cli/pom.xml
  102. +9 −6 ...gration/client-cli/admin-cli/src/main/java/org/keycloak/client/cli/common/BaseAuthOptionsCmd.java
  103. +17 −2 ...n/client-cli/admin-cli/src/main/java/org/keycloak/client/cli/common/BaseConfigCredentialsCmd.java
  104. +1 −1 integration/client-cli/client-cli-dist/pom.xml
  105. +1 −1 integration/client-cli/pom.xml
  106. +1 −1 integration/client-registration/pom.xml
  107. +1 −1 integration/pom.xml
  108. +1 −1 js/apps/account-ui/package.json
  109. +1 −1 js/apps/account-ui/pom.xml
  110. +1 −1 js/apps/account-ui/public/content.json
  111. +7 −0 js/apps/account-ui/src/index.ts
  112. +10 −7 js/apps/account-ui/src/root/PageNav.tsx
  113. +1 −0 js/apps/account-ui/vite.config.ts
  114. +26 −0 js/apps/admin-ui/cypress/e2e/clients_test.spec.ts
  115. +1 −1 js/apps/admin-ui/cypress/e2e/partial_import_test.spec.ts
  116. +10 −11 js/apps/admin-ui/cypress/fixtures/partial-import-test-data/client-only.json
  117. +12 −0 js/apps/admin-ui/cypress/support/pages/admin-ui/manage/realm_settings/RealmSettingsPage.ts
  118. +6 −1 js/apps/admin-ui/maven-resources/theme/keycloak.v2/admin/messages/messages_en.properties
  119. +1 −1 js/apps/admin-ui/pom.xml
  120. +1 −3 js/apps/admin-ui/src/authentication/AuthenticationSection.tsx
  121. +2 −3 js/apps/admin-ui/src/authentication/BindFlowDialog.tsx
  122. +1 −1 js/apps/admin-ui/src/authentication/components/EditFlow.tsx
  123. +4 −4 js/apps/admin-ui/src/authentication/components/UsedBy.tsx
  124. +4 −2 js/apps/admin-ui/src/clients/ClientsSection.tsx
  125. +15 −0 js/apps/admin-ui/src/clients/advanced/AdvancedSettings.tsx
  126. +1 −0 js/apps/admin-ui/src/clients/advanced/TokenLifespan.tsx
  127. +1 −0 js/apps/admin-ui/src/clients/authorization/policy/User.tsx
  128. +7 −1 js/apps/admin-ui/src/clients/credentials/ClientSecret.tsx
  129. +1 −4 js/apps/admin-ui/src/components/client/ClientSelect.tsx
  130. +4 −1 js/apps/admin-ui/src/components/users/UserSelect.tsx
  131. +3 −1 js/apps/admin-ui/src/identity-providers/add/DescriptorSettings.tsx
  132. +3 −5 js/apps/admin-ui/src/identity-providers/component/RedirectUrl.tsx
  133. +2 −0 js/apps/admin-ui/src/realm-settings/NewAttributeSettings.tsx
  134. +27 −1 js/apps/admin-ui/src/realm-settings/TokensTab.tsx
  135. +16 −6 js/apps/admin-ui/src/realm-settings/localization/RealmOverrides.tsx
  136. +2 −0 js/apps/admin-ui/src/realm-settings/user-profile/AttributesGroupForm.tsx
  137. +6 −0 js/apps/admin-ui/src/realm-settings/user-profile/attribute/AttributeGeneralSettings.tsx
  138. +1 −1 js/apps/admin-ui/src/user-federation/ldap/mappers/LdapMapperDetails.tsx
  139. +30 −20 js/apps/admin-ui/src/utils/client-url.test.ts
  140. +8 −9 js/apps/admin-ui/src/utils/client-url.ts
  141. +1 −1 js/libs/keycloak-admin-client/package.json
  142. +1 −1 js/libs/keycloak-admin-client/pom.xml
  143. +1 −1 js/libs/keycloak-js/package.json
  144. +1 −1 js/libs/keycloak-js/pom.xml
  145. +1 −1 js/libs/ui-shared/package.json
  146. +1 −1 js/libs/ui-shared/pom.xml
  147. +1 −1 js/pom.xml
  148. +1 −1 misc/keycloak-test-helper/pom.xml
  149. +1 −1 misc/pom.xml
  150. +1 −1 model/infinispan/pom.xml
  151. +1 −1 model/jpa/pom.xml
  152. +5 −8 model/jpa/src/main/java/org/keycloak/connections/jpa/util/JpaUtils.java
  153. +4 −9 model/jpa/src/main/java/org/keycloak/models/jpa/session/PersistentClientSessionEntity.java
  154. +31 −0 model/jpa/src/main/resources/META-INF/jpa-changelog-18.0.15.xml
  155. +1 −0 model/jpa/src/main/resources/META-INF/jpa-changelog-master.xml
  156. +0 −22 model/jpa/src/main/resources/META-INF/queries-default.properties
  157. +8 −0 model/jpa/src/main/resources/META-INF/queries-mariadb.properties
  158. +8 −0 model/jpa/src/main/resources/META-INF/queries-mysql.properties
  159. +1 −1 model/pom.xml
  160. +1 −1 model/storage-private/pom.xml
  161. +1 −1 model/storage-services/pom.xml
  162. +1 −1 model/storage/pom.xml
  163. +1 −1 operator/pom.xml
  164. +2 −2 operator/src/main/java/org/keycloak/operator/controllers/KeycloakDeploymentDependentResource.java
  165. +2 −2 pom.xml
  166. +1 −1 quarkus/config-api/pom.xml
  167. +1 −1 quarkus/config-api/src/main/java/org/keycloak/config/database/Database.java
  168. +1 −1 quarkus/container/Dockerfile
  169. +1 −1 quarkus/deployment/pom.xml
  170. +1 −1 quarkus/dist/pom.xml
  171. +1 −1 quarkus/pom.xml
  172. +1 −1 quarkus/runtime/pom.xml
  173. +1 −1 quarkus/runtime/src/main/resources/cache-ispn.xml
  174. +1 −1 quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/ConfigurationTest.java
  175. +1 −1 quarkus/server/pom.xml
  176. +1 −1 quarkus/tests/integration/pom.xml
  177. +1 −1 quarkus/tests/junit5/pom.xml
  178. +1 −1 quarkus/tests/pom.xml
  179. +1 −1 rest/admin-ui-ext/pom.xml
  180. +1 −1 rest/pom.xml
  181. +1 −1 saml-core-api/pom.xml
  182. +1 −1 saml-core/pom.xml
  183. +1 −1 server-spi-private/pom.xml
  184. +1 −1 server-spi/pom.xml
  185. +2 −0 server-spi/src/main/java/org/keycloak/models/SingleUseObjectKeyModel.java
  186. +1 −1 services/pom.xml
  187. +35 −2 services/src/main/java/org/keycloak/authentication/forms/RecaptchaAssessmentResponse.java
  188. +35 −8 services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
  189. +2 −8 services/src/main/java/org/keycloak/services/resources/account/AccountConsole.java
  190. +2 −2 test-poc/base/pom.xml
  191. +1 −1 test-poc/framework/pom.xml
  192. +1 −1 test-poc/pom.xml
  193. +1 −1 testsuite/db-allocator-plugin/pom.xml
  194. +3 −3 testsuite/integration-arquillian/HOW-TO-RUN.md
  195. +1 −1 testsuite/integration-arquillian/pom.xml
  196. +1 −1 testsuite/integration-arquillian/servers/adapter-spi/pom.xml
  197. +1 −1 testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml
  198. +1 −1 testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-spi-jakarta/pom.xml
  199. +1 −1 testsuite/integration-arquillian/servers/app-server/app-server-spi/pom.xml
  200. +1 −1 testsuite/integration-arquillian/servers/app-server/jboss/galleon/pom.xml
  201. +1 −1 testsuite/integration-arquillian/servers/app-server/jboss/pom.xml
  202. +1 −1 testsuite/integration-arquillian/servers/app-server/jboss/wildfly/pom.xml
  203. +1 −1 testsuite/integration-arquillian/servers/app-server/pom.xml
  204. +1 −1 testsuite/integration-arquillian/servers/app-server/undertow/pom.xml
  205. +1 −1 testsuite/integration-arquillian/servers/auth-server/pom.xml
  206. +1 −1 testsuite/integration-arquillian/servers/auth-server/quarkus/pom.xml
  207. +1 −1 testsuite/integration-arquillian/servers/auth-server/services/pom.xml
  208. +1 −1 testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers-deployment/pom.xml
  209. +1 −1 testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/pom.xml
  210. +1 −1 testsuite/integration-arquillian/servers/auth-server/undertow/pom.xml
  211. +1 −1 testsuite/integration-arquillian/servers/cache-server/infinispan/datagrid/pom.xml
  212. +1 −1 testsuite/integration-arquillian/servers/cache-server/infinispan/infinispan/pom.xml
  213. +1 −1 testsuite/integration-arquillian/servers/cache-server/infinispan/pom.xml
  214. +1 −1 testsuite/integration-arquillian/servers/cache-server/legacy/datagrid/pom.xml
  215. +1 −1 testsuite/integration-arquillian/servers/cache-server/legacy/infinispan/pom.xml
  216. +1 −1 testsuite/integration-arquillian/servers/cache-server/legacy/pom.xml
  217. +1 −1 testsuite/integration-arquillian/servers/cache-server/pom.xml
  218. +1 −1 testsuite/integration-arquillian/servers/migration/pom.xml
  219. +1 −1 testsuite/integration-arquillian/servers/pom.xml
  220. +1 −1 testsuite/integration-arquillian/test-apps/cors/angular-product/pom.xml
  221. +1 −1 testsuite/integration-arquillian/test-apps/cors/database-service/pom.xml
  222. +1 −1 testsuite/integration-arquillian/test-apps/cors/pom.xml
  223. +1 −1 testsuite/integration-arquillian/test-apps/hello-world-authz-service/pom.xml
  224. +1 −1 testsuite/integration-arquillian/test-apps/pom.xml
  225. +1 −1 testsuite/integration-arquillian/test-apps/servlet-authz/pom.xml
  226. +1 −1 testsuite/integration-arquillian/test-apps/servlet-policy-enforcer/pom.xml
  227. +1 −1 testsuite/integration-arquillian/test-apps/servlets-jakarta/pom.xml
  228. +1 −1 testsuite/integration-arquillian/test-apps/servlets/pom.xml
  229. +1 −1 testsuite/integration-arquillian/test-apps/test-apps-dist/pom.xml
  230. +1 −1 testsuite/integration-arquillian/tests/base/pom.xml
  231. +58 −0 .../tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
  232. +35 −0 ...rquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionPriorityTest.java
  233. +23 −2 ...llian/tests/base/src/test/java/org/keycloak/testsuite/admin/UserFederationLdapConnectionTest.java
  234. +23 −0 .../integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/RolePolicyTest.java
  235. +5 −11 ...quillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
  236. +11 −0 ...e/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cli/admin/KcAdmTest.java
  237. +59 −1 ...lian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java
  238. +127 −0 ...n-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenMigrationTest.java
  239. +1 −1 testsuite/integration-arquillian/tests/other/adapters/jboss/pom.xml
  240. +1 −1 testsuite/integration-arquillian/tests/other/adapters/pom.xml
  241. +1 −1 testsuite/integration-arquillian/tests/other/adapters/was/pom.xml
  242. +1 −1 testsuite/integration-arquillian/tests/other/adapters/was/was8/pom.xml
  243. +1 −1 testsuite/integration-arquillian/tests/other/adapters/wls/pom.xml
  244. +1 −1 testsuite/integration-arquillian/tests/other/adapters/wls/wls12/pom.xml
  245. +1 −1 testsuite/integration-arquillian/tests/other/jpa-performance/pom.xml
  246. +1 −1 testsuite/integration-arquillian/tests/other/mod_auth_mellon/pom.xml
  247. +1 −1 testsuite/integration-arquillian/tests/other/pom.xml
  248. +1 −1 testsuite/integration-arquillian/tests/other/sssd/pom.xml
  249. +1 −1 testsuite/integration-arquillian/tests/pom.xml
  250. +1 −1 testsuite/integration-arquillian/util/pom.xml
  251. +1 −1 testsuite/model/pom.xml
  252. +1 −1 testsuite/pom.xml
  253. +1 −1 testsuite/utils/pom.xml
  254. +1 −1 themes/pom.xml
  255. +1 −1 themes/src/main/resources-community/theme/base/email/messages/messages_es.properties
  256. +1 −1 util/embedded-ldap/pom.xml
  257. +1 −1 util/pom.xml
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
@@ -533,7 +533,7 @@ jobs:

- name: Run cluster tests
run: |
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
./mvnw test ${{ env.SUREFIRE_RETRY }} -Pauth-server-cluster-quarkus,db-postgres -Dsession.cache.owners=2 -Dtest=**.cluster.** -pl testsuite/integration-arquillian/tests/base 2>&1 | misc/log/trimmer.sh
- name: Upload JVM Heapdumps
if: always()
2 changes: 1 addition & 1 deletion adapters/oidc/js/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -5,7 +5,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion adapters/oidc/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak OIDC Client Adapter Modules</name>
2 changes: 1 addition & 1 deletion adapters/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak Adapters</name>
2 changes: 1 addition & 1 deletion adapters/saml/core-jakarta/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion adapters/saml/core-public/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/saml/core/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/saml/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak SAML Client Adapter Modules</name>
2 changes: 1 addition & 1 deletion adapters/saml/undertow/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/saml/wildfly-elytron-jakarta/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/saml/wildfly-elytron/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/saml/wildfly/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<name>Keycloak SAML Wildfly Integration</name>
2 changes: 1 addition & 1 deletion adapters/saml/wildfly/wildfly-jakarta-subsystem/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion adapters/saml/wildfly/wildfly-subsystem/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion adapters/spi/adapter-spi/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/spi/jboss-adapter-core/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion adapters/spi/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<name>Keycloak Client Adapter SPI Modules</name>
2 changes: 1 addition & 1 deletion adapters/spi/undertow-adapter-spi/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion authz/client/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion authz/policy-enforcer/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion authz/policy/common/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -25,7 +25,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-provider-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>

28 changes: 24 additions & 4 deletions ...mon/src/main/java/org/keycloak/authorization/policy/provider/role/RolePolicyProvider.java
View file
Original file line number Diff line number Diff line change
@@ -22,6 +22,7 @@

import org.jboss.logging.Logger;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.attribute.Attributes.Entry;
import org.keycloak.authorization.identity.Identity;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.policy.evaluation.Evaluation;
@@ -31,6 +32,8 @@
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;

/**
@@ -74,9 +77,8 @@ public void evaluate(Evaluation evaluation) {

private boolean hasRole(Identity identity, RoleModel role, RealmModel realm, AuthorizationProvider authorizationProvider, boolean fetchRoles) {
if (fetchRoles) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
UserModel user = session.users().getUserById(realm, identity.getId());
return user.hasRole(role);
UserModel subject = getSubject(identity, realm, authorizationProvider);
return subject != null && subject.hasRole(role);
}
String roleName = role.getName();
if (role.isClientRole()) {
@@ -86,8 +88,26 @@ private boolean hasRole(Identity identity, RoleModel role, RealmModel realm, Aut
return identity.hasRealmRole(roleName);
}

private UserModel getSubject(Identity identity, RealmModel realm, AuthorizationProvider authorizationProvider) {
KeycloakSession session = authorizationProvider.getKeycloakSession();
UserProvider users = session.users();
UserModel user = users.getUserById(realm, identity.getId());

if (user == null) {
Entry sub = identity.getAttributes().getValue(JsonWebToken.SUBJECT);

if (sub == null || sub.isEmpty()) {
return null;
}

return users.getUserById(realm, sub.asString(0));
}

return user;
}

@Override
public void close() {

}
}
}
2 changes: 1 addition & 1 deletion authz/policy/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-authz-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion authz/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -7,7 +7,7 @@
<parent>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>

2 changes: 1 addition & 1 deletion boms/adapter/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -22,7 +22,7 @@
<parent>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-bom-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
</parent>

<groupId>org.keycloak.bom</groupId>
2 changes: 1 addition & 1 deletion boms/misc/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -22,7 +22,7 @@
<parent>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-bom-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
</parent>

<groupId>org.keycloak.bom</groupId>
2 changes: 1 addition & 1 deletion boms/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -27,7 +27,7 @@

<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-bom-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>

<packaging>pom</packaging>

2 changes: 1 addition & 1 deletion boms/spi/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -23,7 +23,7 @@
<parent>
<groupId>org.keycloak.bom</groupId>
<artifactId>keycloak-bom-parent</artifactId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
</parent>

<groupId>org.keycloak.bom</groupId>
2 changes: 1 addition & 1 deletion common/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion core/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
4 changes: 2 additions & 2 deletions core/src/main/java/org/keycloak/representations/IDToken.java
View file
Original file line number Diff line number Diff line change
@@ -140,7 +140,7 @@ public class IDToken extends JsonWebToken {
// Financial API - Part 2: Read and Write API Security Profile
// http://openid.net/specs/openid-financial-api-part-2.html#authorization-server
@JsonProperty(S_HASH)
protected String stateHash;
protected String stateHash;

public String getNonce() {
return nonce;
@@ -172,7 +172,7 @@ public void setSessionId(String sessionId) {
@Deprecated
@JsonIgnore
public String getSessionState() {
return sessionId;
return getSessionId();
}

public String getAccessTokenHash() {
7 changes: 7 additions & 0 deletions core/src/main/java/org/keycloak/representations/RefreshToken.java
View file
Original file line number Diff line number Diff line change
@@ -53,4 +53,11 @@ public RefreshToken(AccessToken token) {
public TokenCategory getCategory() {
return TokenCategory.INTERNAL;
}

@Override
public String getSessionId() {
String sessionId = super.getSessionId();
// Fallback as offline tokens created in Keycloak 14 or earlier have only the "session_state" claim, but not "sid"
return sessionId != null ? sessionId : (String) getOtherClaims().get(IDToken.SESSION_STATE);
}
}
2 changes: 1 addition & 1 deletion crypto/default/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-crypto-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion crypto/elytron/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-crypto-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion crypto/fips1402/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-crypto-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
2 changes: 1 addition & 1 deletion crypto/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -20,7 +20,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
<relativePath>../pom.xml</relativePath>
</parent>
<name>Keycloak Crypto Parent</name>
2 changes: 1 addition & 1 deletion dependencies/pom.xml
View file
Original file line number Diff line number Diff line change
@@ -21,7 +21,7 @@
<parent>
<artifactId>keycloak-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<version>25.0.2</version>
</parent>

<modelVersion>4.0.0</modelVersion>
Loading