keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-05-28 04:13:22 -04:00

Author	SHA1	Message	Date
Martin Bartoš	137a35c110	Mask certain HTTP headers and cookies in the HTTP access log (#45400 ) * Mask certain HTTP headers and cookies in the HTTP access log Closes #43811 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Improve tests, Improve docs Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Fix test Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2026-01-19 19:01:45 +01:00
Pedro Igor	c8a41dea99	Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-19 08:30:47 -03:00
rmartinc	07b9b9656b	Allow client_id as an audience in the JWT Authorization Grant and Client Assertions Closes #45178 Signed-off-by: rmartinc <rmartinc@redhat.com>	2026-01-16 15:48:28 +01:00
Ruchika Jha	e2e11a3b8e	Hide Remember Me session settings when Remember Me is disabled in realm settings edit page in UI Closes #44973 Signed-off-by: Ruchika <ruchika.jha1@ibm.com> Signed-off-by: Ruchika Jha <Ruchika.Jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-15 16:46:50 +00:00
Pedro Igor	ab351170b4	Support aggregated policies during partial evaluation Closes #45324 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-15 15:20:52 +01:00
Pedro Igor	37ff64446b	Allow hide organization brokers when the user does not map to any organization during login Closes #45422 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-15 15:19:43 +01:00
Alexander Schwartz	391593cfa7	Implement asynchronous logging when called from nonblocking threads Closes #45015 Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2026-01-15 09:20:34 -03:00
Pedro Igor	cca5ef44fa	Updating the documentation Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-13 16:42:07 -03:00
Giuseppe Graziano	23aad2a942	DPoP Guide (#45274 ) Closes #42747 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2026-01-13 11:01:28 +01:00
Pedro Igor	c33d94da65	Allow admins with any admin role to map roles if the constraints apply Closes #44371 Closes #45182 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-12 12:56:30 -03:00
Stan Silvert	eb77c055f5	Clarify documentation. Signed-off-by: Stan Silvert <ssilvert@redhat.com>	2026-01-12 10:36:10 -03:00
mposolda	1273c8db0e	DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post closes #44403 Signed-off-by: mposolda <mposolda@gmail.com>	2026-01-12 09:54:04 +01:00
Ryan Emerson	f8b114bdd8	Add indexes to BROKER_LINK table Closes #45009 Signed-off-by: Ryan Emerson <remerson@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-09 16:09:40 +00:00
Alexander Schwartz	234526761e	Fix section level in 26.5 migration guide Closes #45184 Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2026-01-07 07:54:06 -03:00
Ryan Emerson	4a2ed7c4e6	Use correct anchor for mdc logging in 26.5.0 release notes Closes #45185 Signed-off-by: Ryan Emerson <remerson@ibm.com>	2026-01-06 17:21:48 +01:00
olympus5	ffed84194e	Realign source code examples in auth-spi doc closes #43757 Signed-off-by: olympus5 <erwan.iquel@gmail.com>	2026-01-06 12:18:42 +01:00
Pedro Igor	0d5766f3a8	Allow running scheduled workflows Closes #44865 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-05 13:03:47 -03:00
Alexander Schwartz	e43cf55028	Finalizing 26.5 release notes Closes #45131 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2026-01-05 14:10:32 +01:00
Pedro Igor	3c0b308bb7	Document limitations when updating workflows Closes #45134 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2026-01-05 14:10:03 +01:00
Alexander Schwartz	a6bf194487	Remove usage of kcSanitize() to avoid printing HTML (#44755 ) Some checks are pending Weblate Sync / Trigger Weblate to pull the latest changes (push) Waiting to run Details Closes #44753 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-05 10:45:32 +01:00
Ryan Emerson	cafa1a86eb	Disable state transfer for session caches when persistent sessions are enabled Closes #44518 Signed-off-by: Ryan Emerson <remerson@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-05 08:53:59 +00:00
Ruchika Jha	60b369c622	Validate client session timeout and lifetime settings on realm settings edit Closes #44910 Signed-off-by: Ruchika <Ruchika.Jha1@ibm.com> Signed-off-by: Ryan Emerson <remerson@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Ryan Emerson <remerson@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-05 08:50:56 +00:00
Stian Thorgersen	f2c527239d	Update JNDI reference in LDAP referrals documentation (#45129 ) Clarified the term 'JNDI' in the LDAP referrals section. Closes #45040	2026-01-05 09:01:40 +01:00
Robin Meese	0d0d468f27	Add ability to delete offline sessions via account console Closes #15502 Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2026-01-05 08:26:47 +01:00
Christian Ja	374e45b883	Use default locale from realm an intermediate fallback closes #40990 Signed-off-by: Christian Janker <christian.janker@gmx.at> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-01 14:23:33 +00:00
Robin Meese	35ee49b5d4	Add logout event to UserSessionLimitsAuthenticator Closes #44843 Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2026-01-01 13:22:54 +00:00
Stefan Guilhen	43634dd2ed	Update docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-29 10:29:38 -03:00
Stefan Guilhen	9865791084	Fix wrong provider references in workflows documentation Closes #45077 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-29 10:29:38 -03:00
Robin Meese	0957572751	Add logout event to SessionResource Closes #44842 Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-12-29 12:25:45 +00:00
Stefan Guilhen	0d09f755f1	Fix wrong event names in workflows documentation (#45002 ) Closes #45001 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2025-12-19 13:01:20 -05:00
Peter Zaoral	7da8a8a2e3	feat: add Windows service support (#44496 ) Closes: #37704 Signed-off-by: Peter Zaoral <pepo48@gmail.com>	2025-12-19 16:55:42 +00:00
Stephan Seifermann	aefecade5c	Client cert lookup provider compliant to RFC 9440 (#36161 ) * Client cert lookup provider compliant to RFC 9440 (#20761) Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com> * Release notes Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com> Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Stephan Seifermann <seiferma@users.noreply.github.com> Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>	2025-12-19 12:38:54 +01:00
Ricardo Martin	efc75f09b0	Fix link to https://azure.microsoft.com/en-us (#45036 ) Closes #45023 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-12-19 12:27:05 +01:00
Pedro Igor	6a437521a9	Only allow LDAP URL references when following referrals (#44993 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Stian Thorgersen <stian@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2025-12-18 14:27:10 +01:00
Pedro Igor	7512a0412b	wip - workflows doc (#44685 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Stan Silvert <ssilvert@redhat.com>	2025-12-18 07:52:41 -05:00
Marek Posolda	4b68f6998b	Release notes update for Keycloak 26.5 with core-clients related contributions (#44986 ) closes #44192 Signed-off-by: mposolda <mposolda@gmail.com>	2025-12-18 10:48:27 +01:00
Martin Bartoš	548a89c823	[OTel] Micrometer to OpenTelemetry bridge support for metrics (#41716 ) * [OTel] Micrometer to OpenTelemetry bridge support for metrics Closes #41006 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Review: Docs rewording Signed-off-by: Ryan Emerson <remerson@ibm.com> * Review: Make TELEMETRY Option descriptions consistently use OpenTelemetry to reflect pattern established by telemetry-enabled, telemetry-endpoint etc Signed-off-by: Ryan Emerson <remerson@ibm.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Ryan Emerson <remerson@ibm.com> Co-authored-by: Ryan Emerson <remerson@ibm.com>	2025-12-17 17:03:56 +01:00
Sebastian Łaskawiec	9597537bf3	Additional fields for the Welcome Resource (#44758 ) * Additional fields added to the Welcome Page Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> * Updated the order of fields Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com> --------- Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>	2025-12-17 13:11:44 +01:00
Martin Kanis	012cefb654	The existence of an organization attribute called id is not validated Closes #44522 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-12-17 08:05:32 -03:00
Steven Hawkins	148d14816c	fix: allowing settable connection request timeout (#44592 ) Some checks are pending Weblate Sync / Trigger Weblate to pull the latest changes (push) Waiting to run Details also defaulting to 5000 closes: #44500 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-12-16 16:35:01 +00:00
Palpable	94ee6d81fb	[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765 ) Closes #44621 Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com> Signed-off-by: mposolda <mposolda@gmail.com> Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>	2025-12-16 14:46:17 +01:00
Martin Bartoš	29fdcedbc8	[OTel] Introduce preview support for OpenTelemetry Logs (#41265 ) Closes #41264 Co-authored-by: Ryan Emerson <remerson@redhat.com Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-12-15 10:50:30 +01:00
Václav Muzikář	da6c4df5ec	Support EDB 18 (#44856 ) * Support EDB 18 Closes #44494 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Update test-framework/db-edb/container/README.md Co-authored-by: Steven Hawkins <shawkins@redhat.com> Signed-off-by: Václav Muzikář <vaclav@muzikari.cz> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Signed-off-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Steven Hawkins <shawkins@redhat.com>	2025-12-15 07:36:26 +01:00
Ruchika Jha	26fe8dc7d8	Added validation for client session timeout post comparing the realm session timeouts Closes #41019 Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-12-11 13:58:04 +01:00
Giuseppe Graziano	c0c4067bdd	JWT Authorization Grant feature to preview Closes #44492 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-12-11 10:37:30 +01:00
Martin Bartoš	8def691053	[OTel] Provide general options for telemetry settings (#41705 ) * [OTel] Provide general options for telemetry settings Closes #41263 Co-authored-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/observability/telemetry.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Provide release notes and deprecation note Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Ignore link to the telemetry guide for now Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Ryan Emerson <remerson@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-12-10 12:03:46 +00:00
Christian Glasmachers	921b10ee80	Login failure cache: Evict entries after the configured failure reset time Closes #44801 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>	2025-12-10 11:20:19 +01:00
rmartinc	c9686cc040	Documentation for JWT Authorization Grant Closes #44136 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-12-09 12:13:21 +01:00
vramik	5dbc91e028	Deprecate Fine-Grained Admin Permissions v1 Closes #44121 Signed-off-by: vramik <vramik@redhat.com>	2025-12-08 10:26:27 -03:00
Alexander Schwartz	2f81a2fb76	Updating and ordering the release notes Closes #44706 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-12-08 10:55:33 +01:00
Pascal Knüppel	46e5979b17	[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471 ) fixes #43801 Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de> Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de> Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de> Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>	2025-12-05 16:00:32 +01:00
Sebastian Schuster	b5178a2bec	Added section on recommended isolation level to db guides Closes #44611 Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-12-05 14:48:31 +01:00
forkimenjeckayang	4dd68c0316	[OID4VCI] Conformance Test Fixes (#44439 ) closes #44659 Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>	2025-12-04 09:03:38 +01:00
Sebastian Łaskawiec	aa789dd023	Logout confirmation Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>	2025-11-28 14:24:32 +01:00
Pedro Ruivo	3ed15e740a	Add new option to schedule user session expiration Closes #44068 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Ryan Emerson <remerson@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Ryan Emerson <remerson@ibm.com>	2025-11-27 23:01:32 +01:00
Alexis Rico	b0b38176f0	Manage Organization Invites Closes #38809 Signed-off-by: Alexis Rico <sferadev@gmail.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-11-27 10:28:52 +01:00
Alexander Schwartz	2210b1ed50	Avoid un-escaped strings in the login templates for HTML entities Closes #44296 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-26 07:55:35 -03:00
ruchikajha95	570ac40025	Promote MDC Logging Feature to Supported State Some checks are pending Weblate Sync / Trigger Weblate to pull the latest changes (push) Waiting to run Details Closes #41205 Signed-off-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-25 18:53:34 +00:00
Awambeng	8406cf34fb	[OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834 ) Closes #43399 Signed-off-by: Awambeng <awambengrodrick@gmail.com>	2025-11-24 11:07:07 +01:00
Sebastian Łaskawiec	081d8e5a01	Move Kubernetes IdP to preview Some checks failed Weblate Sync / Trigger Weblate to pull the latest changes (push) Has been cancelled Details Closes #42947 Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-22 12:56:09 +01:00
Stian Thorgersen	2a78bc67d7	Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325 ) Closes #44253 Closes #42987 Closes #44063 Signed-off-by: stianst <stianst@gmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-11-22 12:53:22 +01:00
Alexander Schwartz	bb971dc6fc	Efficient row-count on PostgreSQL Closes #44057 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-21 12:28:09 +01:00
Pedro Ruivo	13ef89664c	More accurate user session expiration logic Closes #44204 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-11-19 21:06:17 +01:00
Alexander Schwartz	15a9a36569	Align formatting of referenced RFCs Closes #44246 Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2025-11-17 21:30:13 +01:00
Alexander Schwartz	167249dd6c	Updating the specifics around kubernetes service accounts Closes #44064 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-17 11:23:39 +01:00
Ricardo Martin	20f9bb1570	Fix recaptcha links to the new docs.cloud.google.com site Closes #44187 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-14 09:37:54 +01:00
Chance Coleman	b2317dabdc	Add configurable HTTP retry mechanism for OCSP validation (#42535 ) Closes #42401 Signed-off-by: UnicornChance <chance@defenseunicorns.com> Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>	2025-11-13 13:21:13 +01:00
vramik	748b58bf64	Remove creation of default policy, resource and permission upon enabling authorization for a client Closes #43867 Signed-off-by: vramik <vramik@redhat.com>	2025-11-13 09:14:56 -03:00
Sebastian Łaskawiec	3288f83dc9	Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator Closes #42983 Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-13 08:52:46 +01:00
Ricardo Martin	de49500393	Client policy to enforce only downscoping in Token Exchange (#44030 ) Closes #43931 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-11-12 08:48:42 +01:00
Martin Kanis	39e1e40be4	Document missing artifact dependency for UserStoragePrivateUtil Closes #43212 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-11-10 10:41:12 -03:00
Martin Bartoš	1f9694358f	Ability to enable/disable feature via single property (#43542 ) * Ability to enable/disable feature via single property Closes #43541 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Provide support for specifying profile preview Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove duplication check, use the new WildcardOptionUtil Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Create quarkus specific single profile config resolver Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove the feature profile capability for single feature option Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-11-07 13:35:39 +01:00
Stian Thorgersen	b278dbbb3d	Allow identity provider configuration without defaults for user authentication (#43963 ) Closes #43552 Signed-off-by: stianst <stianst@gmail.com>	2025-11-05 10:13:40 -03:00
KONSTANTINOS GEORGILAKIS	1c0d4616a5	hide scopes from scopes_supported in discovery endpoint Some checks are pending Weblate Sync / Trigger Weblate to pull the latest changes (push) Waiting to run Details Closes #10388 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-11-03 16:26:12 +00:00
蔡秀吉	e84a1d6363	Fix typos and formatting in OIDC auth flows documentation Closes #43818 Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com>	2025-11-01 19:14:41 +00:00
Tobi	479859a7a3	Add new indices on `offline_client_session` Closes #43566 Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-31 17:49:47 +01:00
Martin Bartoš	8502cc3ae1	Including OTLP headers for tracing (#43122 ) * Including OTLP headers for tracing Closes #41007 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Polishing, add test for the util class, address review Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Remove the WildcardOptionsUtil#isKcWildcardOption Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-10-31 15:46:05 +01:00
Pedro Ruivo	e40c5de050	Session cache affinity Closes #42776 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 21:01:09 +00:00
Alexander Schwartz	0f01444543	Allow only normalized paths in requests (#43765 ) Closes #43763 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2025-10-30 14:37:50 +01:00
Pedro Ruivo	6317c02a27	Refactor AuthenticationSessionManager Closes #43825 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-30 12:26:07 +01:00
Marek Posolda	2fc5419676	Avoid using UserCredentialManager from user storage extensions (#43695 ) closes #43694 Signed-off-by: mposolda <mposolda@gmail.com>	2025-10-29 16:26:59 +01:00
Alexander Schwartz	aadffb94fb	Fix typo in LDAP edit mode in the docs Closes #43720 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-27 08:42:44 -03:00
Pedro Igor	6527b139dc	Do not lower-case username and email if users are not imported from LDAP Closes #43621 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-23 13:02:33 +02:00
Pedro Igor	2b785425fa	Allow managing realm admin roles if the the realm-admin role is granted Closes #43579 Closes #43578 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2025-10-23 08:02:05 -03:00
Stian Thorgersen	f6ac64907d	SPIFFE should support OIDC JWK endpoint (#43651 ) Closes #43650 Signed-off-by: stianst <stianst@gmail.com>	2025-10-22 15:19:56 +02:00
Stian Thorgersen	84a161d4dd	Extract related methods from IdentityProvider to UserIdentityProvider (#43535 ) Closes #43534 Signed-off-by: stianst <stianst@gmail.com>	2025-10-21 14:27:07 +00:00
Alexander Schwartz	6080f21c64	Adding this as a breaking change plus deprecation Closes #43022 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-21 09:58:33 -03:00
Martin Bartoš	419afce847	Fix anchors in the documentation Closes #43084 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-21 12:33:32 +00:00
Pedro Igor	c5b560e2d8	Update user profile to allow returning a brief user representation Closes #42225 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-21 12:52:31 +02:00
Ronaldo Paulino Jiconda	987ce19b45	Fix OIDC IDP broker basic auth encoding Some checks failed Weblate Sync / Trigger Weblate to pull the latest changes (push) Has been cancelled Details Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters. Closes #26374 Closes #43022 Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2025-10-20 23:48:24 +02:00
Martin Bartoš	37bea126c7	[PERF] Jackson reflection-free serialization/deserialization (#42946 ) * [PERF] Jackson reflection-free serialization/deserialization Closes #42945 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/configuration-production.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Docs improvements Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/configuration-production.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Polish the features template macros Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-10-17 20:24:47 +02:00
Peter Zaoral	2300b3fc78	Handle canonical hostname checks for localhost on Windows (#42799 ) Closes: #42794 Signed-off-by: Peter Zaoral <pepo48@gmail.com>	2025-10-17 13:40:08 +00:00
Steven Hawkins	736d4920d7	fix: noting db support level changes (#43549 ) Some checks failed Weblate Sync / Trigger Weblate to pull the latest changes (push) Has been cancelled Details closes: #43191 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-10-17 14:01:10 +02:00
Alexander Schwartz	7b8626ead5	Make intra-document links work in downstream Closes #43544 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-17 10:52:58 +02:00
Martin Kanis	3f70da04f6	Final review and update for UPDATE_EMAIL documentation Closes #42991 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-10-16 09:57:23 -03:00
Giuseppe Graziano	bda0e2a67c	Invalidate sessions created with remember me when remember me is disabled for realm Closes #43328 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-10-14 15:00:41 +00:00
Steven Hawkins	f66359ce19	fix: updating service account docs closes: #17268 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-10-14 11:02:20 +02:00
Alexander Schwartz	934ac48a54	Rework formatting for release notes Closes #43320 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-10 07:42:53 -03:00
mposolda	c2e49c8c59	'Service accounts roles' should be 'Service account roles' closes #43087 Signed-off-by: mposolda <mposolda@gmail.com>	2025-10-10 11:25:37 +02:00
Alexander Schwartz	94d428d450	Adding attributes for section links so they work in upstream and downstream Closes #43286 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-08 11:37:13 -03:00

1 2 3 4 5 ...

980 commits