Pull Request Explorer

Summary

Add social button support to test framework page objects

Adds social login button support to the test framework’s page objects, enabling automated tests to interact with social authentication flows.

Health Assessment

• • Quick turnaround with minimal changes; PR merged within 3 hours, indicating straightforward implementation and fast review.

Summary

Skip realm bootstrap to speed Quarkus ITs

Reduces integration test runtime by ~60s, improving developer productivity.

Health Assessment

• • Long review and merge times due to large cycle, but minimal rework and small scope.

Summary

Remove oid4vc protocol from create client form

This PR removes the oid4vc protocol from the client creation UI and cleans up related server‑side code and tests, simplifying client configuration and reducing unnecessary protocol options.

Health Assessment

• • The PR was reviewed and merged within a day, showing efficient collaboration. Removing the unused oid4vc protocol simplifies client configuration and reduces potential confusion.

Summary

Add Ukrainian translations and maintainers

Enhances user experience for Ukrainian-speaking users by updating translations and designating maintainers for ongoing localization.

Health Assessment

• • Quick turnaround with minimal review rounds indicates a smooth process.

Summary

Add verifiable credential tab to admin UI

Introduces a new tab in the Keycloak admin console that allows administrators to create, view, and delete verifiable credentials when the OID4VC_VCI feature is enabled, improving credential management visibility.

Health Assessment

• • The PR was reviewed and approved within 19 hours, with only a single round of changes, indicating a smooth and efficient review process.

Summary

Export/import support for credentials

Adds export and import functionality for user credentials, enabling easier migration and backup of credential data.

Health Assessment

• • PR completed quickly with a single review and minimal rework, indicating a straightforward implementation.

Summary

Fix NPE for alg:none JWT in Bearer Auth

Prevents null pointer exceptions when processing JWTs with no algorithm, improving authentication reliability for clients.

Health Assessment

• • The PR required a single round of review and a subsequent commit to address test changes, resulting in moderate review friction and a slow overall cycle time due to the complexity of the bug fix.

Summary

Prevent wildcard hostnames in redirect URLs

This change tightens security by disallowing wildcard hostnames in redirect URIs, reducing risk of open redirect attacks while maintaining backward compatibility for legacy patterns.

Health Assessment

• • The PR had a straightforward review with no rework, indicating clear intent and minimal risk.

Summary

Resolve realm display name placeholders in TOTP issuer

Ensures authenticator apps display localized realm names instead of raw placeholders, improving user experience across locales.

Health Assessment

• • The PR had a long cycle time but minimal review friction and small scope, indicating a straightforward fix that was delayed by external factors.

Summary

Fix typo in ClientAdapter.isFrontchannelLogout

Corrects a misspelling in the client adapter, ensuring accurate front‑channel logout behavior.

Health Assessment

• • Quick fix with minimal changes, resolved in a single commit after a brief review.

Summary

Enable Save Button on Organization Creation

Ensures users can save new organizations after pasting a name, improving usability and reducing friction.

Health Assessment

• • Quick fix with single commit and single approval, indicating straightforward change.

Summary

Drop Quarkus container integration test runs

Remove container integration test runs from CI to reduce flaky tests and improve build reliability.

Health Assessment

• • PR took over a week to merge due to delayed review, but the change was minimal and had no impact on functionality.

Summary

Add WebAuthn metadata service and icons

Adds updated WebAuthn metadata parsing and provider icons to improve authentication UI and user experience.

Health Assessment

• • The PR added over 3,700 lines of code and 20 files, including new Java classes, a Python script, and numerous icon assets, leading to a long cycle time of 13 days. Multiple review rounds and a sizable scope suggest higher risk and potential for integration issues.

Summary

Unify mail handling across test suites

Standardizes email server configuration in tests, improving consistency and reliability for Keycloak test execution.

Health Assessment

• • The PR required over four days for review and merge, suggesting bottlenecks in test maintenance and potential delays in delivering related features.

Summary

Prevent non-default decisionStrategy in FGAP

Ensures FGAP permissions use the default decision strategy, preventing misconfiguration and potential security issues.

Health Assessment

• • Long review time indicates possible complexity or blocker; single commit suggests minimal rework.

Summary

Refactor OID4VC JWT Issuer Endpoint Tests

Improves test maintainability and aligns error handling with RFC 6750, reducing future maintenance overhead.

Health Assessment

• • The PR took over 10 days to merge, with a single review after a long review period, indicating a slow but straightforward refactor of test code.

Summary

Enhance migration docs from FGAP V1 to V2

Provides clearer guidance for administrators transitioning to the new FGAP V2, reducing support overhead.

Health Assessment

• • Documentation update with minimal code changes, quick review and straightforward merge.

Summary

Fix test extension logic

Corrects test extension logic to handle raw distribution and cluster config dist test, reducing flaky tests and improving test reliability.

Health Assessment

• • PR merged after 4.8 days with moderate review friction; single commit and 16 files indicates focused but sizable change to improve test stability.

Summary

Add experimental REST credential offer endpoint

Adds an experimental REST credential offer endpoint for OID4VCI, enabling controlled activation of new credential issuance flows without affecting existing OID4VCI functionality. This allows teams to test and roll out the feature gradually while maintaining stability of standard flows.

Health Assessment

• • The PR took over a day to review, but required no further changes after approval, indicating a straightforward implementation with minimal friction.

Summary

Rename blacklist to denylist in password policy

Replaces 'blacklist' terminology with 'denylist' for more inclusive naming conventions in password policy implementation.

Health Assessment

• • The PR had a moderate cycle time and time to first review, indicating some review friction. However, the changes were focused on renaming terminology, which is a relatively low-risk task.

Summary

Fix virtual thread check

Ensures virtual threads are disabled on machines with fewer than four CPUs, preventing potential performance degradation.

Health Assessment

• • Fast review and merge with minimal code changes indicate low complexity and risk.

Summary

Fix services module context usage

Corrects service module to use context instead of injection, ensuring proper test execution in IDEs.

Health Assessment

• • Quick turnaround with minimal changes; PR resolved within 2 hours and received approvals without rework.

Summary

Document how to check MSSQL transaction isolation level

Provides guidance for administrators to verify transaction isolation levels in MSSQL, improving database reliability and compliance.

Health Assessment

• • PR took ~40 hours to merge with a single review after ~26 hours, indicating moderate review delay but minimal code changes.

Summary

Skip Quarkus build for update-compatibility test

Reduces CI runtime by avoiding full Quarkus build when testing the update-compatibility command.

Health Assessment

• • The PR required over 4 days to merge with a long review time, but only a single commit was needed, indicating a straightforward change that was eventually approved after a lengthy review.

Summary

Add area/ssf to issue dropdown

Adds area and SSF selection to the issue creation dropdown, improving issue categorization and workflow efficiency.

Health Assessment

• • Quick, single commit, minimal changes, straightforward review, no rework.

Summary

Fix MSSQL queries to work with case sensitive collations

Ensures Keycloak's database migrations and queries function correctly on MSSQL servers with case-sensitive collations, preventing runtime errors for deployments in such environments.

Health Assessment

• • The PR resolved a database compatibility issue with a concise set of changes and a single review cycle, indicating a low-risk, quick turnaround.

Summary

Pre-compute password denylist Bloom filter

Speeds up server startup by pre-computing a binary Bloom filter from large password denylist files

Health Assessment

• • The PR had a long cycle time, but the review process was straightforward with only one approval required
• • The changes are well-structured and include documentation updates and test additions

Summary

Fix Improper Access Control on Keycloak Server

Removes a security vulnerability that allowed unauthorized access to account APIs when the feature is disabled, strengthening authentication controls.

Health Assessment

• • The PR required a single review after a long review time, indicating a need for faster security review processes.

Summary

Identity Provider detail settings allow saving without changes

Allows users to save identity provider detail settings without making changes, preventing unnecessary validation errors and improving admin UI experience.

Health Assessment

• • Quick fix with minimal changes, merged within a day, indicating low complexity and high confidence.

Summary

Align SCIM attribute annotation format

Ensures SCIM schema attributes conform to the official spec, improving interoperability and reducing integration errors.

Health Assessment

• • The PR had a moderate review cycle with a single commit, but the review took almost two days, indicating potential communication delays.

Summary

Ignore oasis-open.org in ExternalLinksTest

Fixes documentation test failures by adding oasis-open.org to ignored links, ensuring CI stability.

Health Assessment

• • PR had a long review time but minimal changes, indicating a simple fix that was delayed.

Summary

Add startup check for missing database indexes

Adds a startup check to detect missing database indexes, improving database integrity and preventing performance regressions.

Health Assessment

• • The PR introduced a new startup check for missing database indexes, required a quick initial review, a bot comment, and a single rework commit, indicating moderate review friction but a straightforward implementation.

Summary

Allow mapping user attributes to SCIM attributes via User Profile UI

Adds UI and backend support to map user attributes to SCIM attributes, enabling better integration with external identity providers.

Health Assessment

• • PR took over 8 days to merge with a single review round, indicating a lengthy review process but minimal back‑and‑forth.

Summary

Add new maintainer - Ricardo Martin

Adds Ricardo Martin as a new maintainer, updating the project governance.

Health Assessment

• • Quick approval with minimal changes, indicating a straightforward documentation update.

Summary

Resolve SA before resolving users from username or email

Fixes a security assertion ordering bug that could lead to incorrect authorization decisions, improving system reliability and compliance.

Health Assessment

• • The PR resolved a security-related bug with a moderate review cycle and minimal rework, indicating a straightforward fix with moderate impact on the codebase.

Summary

Enforce non-empty role and group names

Ensures role and group names cannot be empty, improving data integrity and preventing misconfiguration.

Health Assessment

• • Long review time indicates a potential blocker or low priority; the small change set suggests low risk to the system.

Summary

Add IDX_IDP_FOR_LOGIN index to MSSQL deployments

Adds a missing database index to improve login performance on MSSQL deployments.

Health Assessment

• • Quick single-commit PR with minimal changes, merged within 16 hours, indicating a straightforward fix with low complexity.

Summary

Remove unused TestingResource methods from test framework

Eliminates obsolete test methods, streamlining the test framework and reducing maintenance overhead.

Health Assessment

• • The PR was reviewed quickly and merged within a day, indicating a smooth process.
• • The removal of unused test methods improves code quality without affecting functionality.

Summary

Refactor event assertion methods for logout tests

Improves test framework by consolidating logout event assertions, reducing duplication and simplifying test maintenance.

Health Assessment

• • Long review and merge times likely due to many test files affected, but overall changes are small and low risk.

Summary

Fix CI failure due to missing quarkus-bom

Resolve CI build failure on Aurora by updating Ansible scripts to correctly reference the quarkus-bom, ensuring stable CI runs.

Health Assessment

• • The PR addressed a flaky CI issue with minimal code changes and received quick approval after initial review, but the overall cycle time was extended due to a long wait before the first review.

Summary

Fix illegal characters in duplicated flow step names

Prevents authentication flow errors by validating step names, improving reliability and security of user authentication.

Health Assessment

• • Resolved quickly with a single review; minimal code changes and no rework.

Summary

Add CRUD for verifiable credentials

Enables database and admin REST endpoints for creating, reading, updating, and deleting verifiable credentials, expanding OID4VCI support.

Health Assessment

• • Single commit PR with large additions, approved after ~28h review, indicating straightforward implementation but high scope.

Summary

Upgrade to Quarkus 3.33.1.1

Keycloak is upgraded to Quarkus 3.33.1.1, improving performance, security, and compatibility with newer Java versions.

Health Assessment

• • Fast cycle time, single review, minimal changes, low risk.

Summary

Move phishing check logic to new service

Replaces legacy phishing check implementation with a dedicated service, improving maintainability and testability.

Health Assessment

• • The PR had a long cycle time with a single review after a large refactor, indicating moderate risk but minimal contention.

Summary

Update Catalan, Czech, French, Swedish translations

This PR updates UI translations for multiple languages, improving internationalization and user experience for Keycloak's admin and account interfaces.

Health Assessment

• • Long review cycle (~6.5 days) typical for translation updates; minimal code changes and low risk.