keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2026-05-28 04:13:22 -04:00

Author	SHA1	Message	Date
Akbar Husain	9d3cfe0672	Remove `X-XSS-Protection` header (#36881 ) Closes #21728 Signed-off-by: akbarhusainpatel <apatel@intermiles.com>	2025-02-19 08:42:26 +01:00
Michal Hajas	f54bb16a61	Add Grafana dashboards to release notes Closes #37402 Signed-off-by: Michal Hajas <mhajas@redhat.com>	2025-02-18 14:04:23 +01:00
Jon Koops	3ccc88628f	Fix broken external link in Gitlab IdP docs (#37435 ) Closes #37434 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2025-02-18 11:03:53 +00:00
Václav Muzikář	764ca50fc4	Upgrade to Quarkus 3.18.2 (#37300 ) * Upgrade to Quarkus 3.18.2 Closes #37056 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Václav Muzikář <vaclav@muzikari.cz> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Signed-off-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-02-17 16:30:05 +01:00
rmartinc	6850f41060	Force login in reset-credentials to federated users Closes #37207 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-02-12 13:47:39 -03:00
Alexander Schwartz	822eb4471d	Ensure a sufficient virtual threads pool (#37197 ) Closes #37162 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-10 16:28:24 +01:00
Pedro Igor	bf3dcda87b	Updating messages Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-02-07 10:42:45 -03:00
Alexander Schwartz	690b0e4bef	VERIFY_EMAIL as supported Application Initiated Action Closes #25154 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2025-02-06 16:49:28 +01:00
Martin Bartoš	98f74026c6	Certificate reloading does not work for the management interface (#37052 ) Fixes #37039 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com>	2025-02-05 14:39:21 +01:00
Pedro Igor	602df06191	Allows querying credential from user storage providers Closes #35020 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-02-05 07:56:05 -03:00
Martin Bartoš	20203746fb	Support ECS for logs Closes #36854 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-02-04 17:59:30 +01:00
papastepano	0c46ad299c	Outdated documentation reCAPTCHA Closes #36887 Signed-off-by: Stepan Papazyan <papastepano@gmail.com>	2025-01-29 21:03:45 +00:00
Ricardo Martin	8671f86046	Provide an option to force login after reset credentials (#36856 ) Closes #36844 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Ricardo Martin <rmartinc@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2025-01-28 18:35:02 +01:00
Giuseppe Graziano	7896af5827	Remove Node.js adapter documentation (#36573 ) closes #36440 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-01-28 12:23:17 +01:00
andymunro	1912602a5a	Add Dependency section for creating an SPI Closes #36798 Signed-off-by: AndyMunro <amunro@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-01-27 18:54:03 +01:00
Giuseppe Graziano	bd807ceac3	Select auth flow via acr using client policies (#36441 ) Closes #24297 Co-authored-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org> Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-01-23 19:46:07 +01:00
vramik	b5c95e9f1c	Update `index-creation-threshold` in migrate_db.adoc Closes #36669 Signed-off-by: vramik <vramik@redhat.com>	2025-01-23 15:45:13 +01:00
rmartinc	6cf92d9dc7	Add crl cache to certificate validation Closes #26473 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-01-22 14:58:35 +01:00
rmartinc	f89be1813d	Check next update time for CRL in certificate validation Closes #35983 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-01-22 14:58:35 +01:00
rmartinc	17d2dd58ca	Add some common headers for the links check in docs Closes #36675 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-01-22 12:21:29 +01:00
Stian Thorgersen	fc2b9018f1	Extend REST API for login and admin events to support sync scenarios (#36601 ) Closes #36600 Signed-off-by: stianst <stianst@gmail.com>	2025-01-20 14:32:55 +01:00
Pedro Igor	aca84824c0	Allow enforce that users are members of organizations when authenticating Closes #34275 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-01-17 19:48:55 +01:00
Martin Bartoš	af3f6281b8	ExternalLinksTest is broken after Keycloak 26.1.0 release Fixes #36486 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-01-15 13:12:55 +01:00
Martin Bartoš	ed1b3e77b5	Wrong link for tracing in 26.1.0 release notes Fixes #36483 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-01-15 12:43:35 +01:00
Stian Thorgersen	c1c147cb17	Restrict access to environment variables when at the server runtime (#36472 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-01-15 09:36:19 +01:00
Alexander Schwartz	05e612bfb6	Moving the docs for password metrics to a new guide Closes #36442 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2025-01-14 16:17:04 +00:00
Stian Thorgersen	bc2665fc2a	Re-order items in release notes for 26.1 (#36346 ) * Re-order items in release notes for 26.1 Signed-off-by: stianst <stianst@gmail.com> * Review (#161) Signed-off-by: Alexander Schwartz <aschwart@redhat.com> --------- Signed-off-by: stianst <stianst@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-01-14 09:21:04 +00:00
Selvi	db5a8466ad	Remove duplicate "the" in documentation (#36329 ) Signed-off-by: Selvi <SelviA@users.noreply.github.com>	2025-01-09 16:12:30 +01:00
Stian Thorgersen	f14dde7358	Add 26.1.0 release to release notes (#36328 ) Signed-off-by: stianst <stianst@gmail.com>	2025-01-09 14:51:54 +01:00
Michal Hajas	3839f8e3b5	Add metric for password validations (#36049 ) Closes #36048 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2025-01-07 10:05:47 +01:00
Martin Bartoš	3e8f8277d4	Remove ignored links from the documentation tests after KC 26 release Closes #32071 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2025-01-06 22:37:01 +01:00
Michael Warnecke	3f7c26bc95	Remove unnecessary word from docs Fixes #36055 Signed-off-by: Michael Warnecke <13361@nordakademie.de>	2025-01-02 20:49:47 +01:00
Marek Posolda	4ab34f4816	Updating release notes with core-clients contributions and features (#36066 ) closes #35953 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-12-20 10:15:55 +01:00
Marek Posolda	a3fd076960	Adding ConditionalClientScopeAuthenticator (#36020 ) closes #36081 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-12-20 09:53:51 +01:00
Jan Verhaeghe	56246096e0	Align on one realm-name placeholder Closes #36047 Signed-off-by: Jan Verhaeghe <jan@hwfaq.be>	2024-12-19 13:48:18 +00:00
Pedro Ruivo	3767642f93	[Operator] Network Policy Rules Closes #35598 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-12-19 10:06:25 +01:00
Thomas Darimont	3cdbbc5b15	Add support for Initiating User Registration via prompt=create (#10701 ) (#35903 ) Fixes #10701 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-12-16 19:54:52 +01:00
Steven Hawkins	cb1d28d043	fix: deprecating the default db value in production mode (#35674 ) closes: #23805 Fix typo in docs, some improvements adding a negative assertion Update docs/documentation/upgrading/topics/changes/changes-26_1_0.adoc Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2024-12-13 11:59:55 +01:00
Marek Posolda	0265cb6254	Update upgrading notes with the changes related to core clients (#35860 ) closes #35859 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-12-13 10:12:37 +01:00
Marek Posolda	47753b9624	Release note about node.js adapter and javascript adapter released in… (#35857 ) closes #35856 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> --------- Signed-off-by: mposolda <mposolda@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-12-13 09:38:55 +01:00
Martin Bartoš	41356dff24	Add Keycloak CR support for Tracing options (#35703 ) Closes #32092 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-12-12 12:59:27 +01:00
Ricardo Martin	bbca6116b0	Implement a conditional authenticator to check if a sub-flow was executed or not previously in the process (#35668 ) Closes #35231 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-12-12 11:16:30 +01:00
Martin Bartoš	8f2c825835	Enable opentelemetry feature by default (#35756 ) Closes #35753 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-12-11 16:53:14 +00:00
Václav Muzikář	9993e17346	Ability to specify log category levels through separate options (#35138 ) Closes #34957 Co-authored-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-12-11 17:27:44 +01:00
rmartinc	769bd6c9d0	Improve the note about group synchronization in sssd Closes #35643 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-12-11 07:40:04 -03:00
Niko Köbler	2639f3ee43	set default ldap connection pooling to plain and ssl (#35763 ) * set default ldap connection pooling to plain and ssl closes #35758	2024-12-10 12:05:14 -03:00
Alexander Schwartz	7c4a5aed77	Restructuring the migration guide (#35724 ) Closes #35487 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-12-10 12:07:32 +01:00
Stian Thorgersen	5bc4ab1429	Delete OpenShift 3.x identity provider (#34331 ) Closes #34330 Signed-off-by: stianst <stianst@gmail.com>	2024-12-06 11:24:47 +01:00
Marek Posolda	d0cab170a3	Update release notes for Keycloak 26.1.0 with new community additions (#35590 ) closes #35588 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-12-04 18:51:15 +01:00
Alexander Schwartz	13e3439246	Upgrading guide 26.0.6 is missing in the upgrading guide (#35545 ) Closes #35544 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-12-03 11:58:32 +01:00
Alexander Schwartz	b98cd12b58	Changing mis-formatted definition list of hashing algorithms to a table Closes #35416 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-12-02 15:05:05 -03:00
Pedro Igor	e9e19c2683	Allow asking for additional scopes when querying the account console root URL Closes #35243 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-12-02 12:54:00 +00:00
Stefan Guilhen	9861acc2aa	UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline) Closes #31359 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-11-29 12:35:15 -03:00
Giuseppe Graziano	a659c8d1cb	Sign AUTH_SESSION_ID cookie (#35297 ) closes #34027 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-11-28 17:28:52 +01:00
Sebastian Rose	015f06b5b8	Adjust documentation according to new home in keycloak/docs/documentation - refer mvnw instead of mvn - contributing.adoc reflects GitHub-Issues and new git-structure Closes #35373 Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>	2024-11-28 14:28:11 +01:00
Pedro Igor	45f9bcd673	Resolve scopes from bearer tokens when processing requests to the Account API Closes #35357 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-11-27 14:17:53 -03:00
Martin Kanis	20770d8aaa	Fix upgrading guide about deprecation of getAll() methods in the organization APIs Closes #34975 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-11-25 10:10:02 +01:00
rmartinc	b0b247f1f1	Passivate imported keys if the associate certificate is expired Closes #34973 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-11-25 09:40:59 +01:00
Cornelius Roemer	29abfd3e89	Fix typos in .md and .adoc files using codespell interactive mode Closes #35256 This PR fixes a bunch of typos in docs files. I ran codespell on `.adoc` and `.md` files in the repo in interactive mode carefully checking each identified typo and proposed fix for false positives. The most widely read file with typos identified is likely the changelog/migration guide. Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>	2024-11-25 08:21:26 +01:00
Cornelius Roemer	e11db03d76	fix(doc): v24 changelog grammar typo "longer" -> "no longer" () Closes #35163 The missing "no" makes this really confusing to read Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>	2024-11-22 11:56:48 +01:00
Cornelius Roemer	610c08a0f3	Fix typo `www.recatcha.net` -> `www.recaptcha.net` in docs (#35210 ) closes #35210 Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>	2024-11-22 10:39:52 +01:00
AndyMunro	e2d221c4bd	Address QE comments on Server Admin Guide Closes #34916 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-11-22 10:20:18 +01:00
Václav Muzikář	d60cb9aaef	fix: prevent inclusion of characters that could lead to FileVault path traversal (#35223 ) Closes: #35215 Signed-off-by: Peter Zaoral <pzaoral@redhat.com> Co-authored-by: Peter Zaoral <pepo48@gmail.com>	2024-11-22 10:18:00 +01:00
Václav Muzikář	cf622e8d51	Update docs with security warning around client certificate lookup (#35222 ) Closes #35217 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-11-22 10:12:21 +01:00
Martin Kanis	05116f7951	getAll() organization and organization members only returns the first 10 items Closes #34975 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-11-21 17:29:37 -03:00
Marek Posolda	a56378e989	Remove upgrading client libraries from the server documentation (#35101 ) closes #34949 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-11-20 16:14:42 +01:00
Ricardo Martin	ca1c10f7ba	Use short UUID for ldap components (#34815 ) Closes #32143 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-11-15 15:15:04 +01:00
michielpeeters	cec081961b	Update upgrade guide docs 25.0.0 cache options Closes #34987 Signed-off-by: michielpeeters <michielpeeters@users.noreply.github.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-11-15 14:27:57 +01:00
AndyMunro	da9774b281	Update Leveraging Jakarta EE Closes #34873 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-11-13 10:14:06 +01:00
AndyMunro	85765f94f2	Apply QE authorization services guide comments Closes #34882 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-11-13 10:06:06 +01:00
Marek Posolda	92d9ac6621	Update KEYCLOAK_SESSION cookie to not have sessionId in plaintext (#34551 ) closes #34026 Signed-off-by: mposolda <mposolda@gmail.com>	2024-11-11 18:47:18 +01:00
Pedro Ruivo	d7e5319f70	Document network ports for Keycloak clustering Also switch the default to jdbc-ping as this should be a drop-in replacement looking at the networking behavior of udp. Closes #34658 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-11-11 13:28:15 +01:00
Pedro Igor	0a05ba49d1	Adding a details map to admin events to store additional contextual data when the event is fired Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-11-07 17:19:43 -03:00
Pedro Ruivo	33cae33ae4	Remove JGroups thread pool docs from HA Guide Clustering is disabled with multi-site deployment and there is no JGroups thread pool to configure. Closes #34715 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-11-07 09:00:48 +00:00
Ricardo Martin	226daa41c7	Add service account mappers via client scope instead of dedicated scope (#34664 ) Closes #10417 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Ricardo Martin <rmartinc@redhat.com>	2024-11-07 08:45:11 +01:00
Ricardo Martin	ce454bda47	Remove online session when offline access is requested as the first request (#34346 ) Closes #34001 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> --------- Signed-off-by: rmartinc <rmartinc@redhat.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-11-06 08:33:12 +01:00
Gilvan Filho	910caf5ff8	Update brute force docs Fixes #27378 Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-11-04 09:41:26 +00:00
Ryan Emerson	a79b67cac8	Deprecate other transport stacks (ec2, azure, google) Closes #34253 Signed-off-by: Ryan Emerson <remerson@redhat.com>	2024-10-31 11:47:13 +01:00
Erik Jan de Wit	19ef0a608b	Add switch to toggle dark mode (#33822 ) Closes #33821 Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-10-31 10:19:03 +00:00
Pedro Igor	4ad462fbd3	Do not rely on the pwdLastSet attribute when updating AD entries Closes #34467 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-10-30 17:43:07 +01:00
AndyMunro	4984900bae	Make organizations chapter available in downstream Closes #34382 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-10-28 10:28:24 +01:00
Andy	f994cc54d5	Remove robots.txt entirely * remove robots.txt entirely, as blocking page- crawling prevents the `X-Robots-Tag` headers (and similar meta tags) from working as intended. Closes #17433 Signed-off-by: Andy <andy@slice.is> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-25 12:09:50 +00:00
Dave Meyer	883b0a3378	doc: Replaced dead link (#34239 ) Replaced dead link to quickstart template with a (similar) template. Signed-off-by: Dave Meyer <7davidmeyer@gmail.com>	2024-10-24 15:28:42 +02:00
Ryan Emerson	902abfdae4	JDBC_PING as default discovery protocol Closes #29399 - Add ProviderFactory#dependsOn to allow dependencies between ProviderFactories to be explicitly defined - Disable Infinispan default shutdownhook disabled to ensure lifecycle is managed exclusively by Keycloak - Remove Infinispan shutdown hook in KeycloakRecorder and manage EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close Signed-off-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-22 20:19:19 +00:00
Gilvan Filho	e6cd1a05c1	Update docs/documentation/server_admin/topics/threat/brute-force.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>	2024-10-22 10:33:22 -03:00
Gilvan Filho	c4005d29f0	add linear strategy to brute force closes #25917 Signed-off-by: Gilvan Filho <gilvan.sfilho@gmail.com>	2024-10-22 10:33:22 -03:00
Pedro Ruivo	fffa9aa72e	Enable virtual threads in Infinispan and JGroups by default Closes #33939 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-21 16:02:28 +00:00
Simon Levermann	dcf1d83199	Enable enforcement of a minimum ACR at the client level (#16884 ) (#33205 ) closes #16884 Signed-off-by: Simon Levermann <github@simon.slevermann.de>	2024-10-21 13:54:02 +02:00
mposolda	dbcb3151a9	Align admin console for client for backchannel and frontchannel logout closes #10138 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Erik Jan de Wit <edewit@redhat.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-10-21 11:32:03 +02:00
Jon Koops	7657e71be1	Automatically retrieve configuration for authorization Closes #14562 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-18 14:03:36 +02:00
Jake	946798aa01	Small grammatical error in documentation Closes #34009 Signed-off-by: Jake <156826184+jlanning-gl@users.noreply.github.com>	2024-10-16 18:49:49 +02:00
Marek Posolda	94b5f05c64	Re-add links to policy-enforcer to the authorization services documen… (#33905 ) closes #32644 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-10-15 08:34:56 +02:00
Stefan Guilhen	a832381a37	Add section to clarify the impact of having imported LDAP users when performing searches Closes #16451 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-10-11 11:01:14 -03:00
kennhhhhh	dbfd059b21	fix: available SPIs should be found in Provider info (#33805 ) Signed-off-by: kennhhhhh <164991693+kennhhhhh@users.noreply.github.com>	2024-10-11 06:47:24 +00:00
Pedro Ruivo	464fc90519	Fail to start if work cache is not replicated Keycloak will now fail to start if the work cache is replicated. Listeners require the data to be local. Closes #33702 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-09 19:40:24 +00:00
Pedro Ruivo	0e3554934e	Read cache-ispn.xml from conf/ by default Fixed #31492 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-09 16:40:17 +00:00
Jon Koops	05e8b932c3	Add dark mode support to welcome theme and unify approach (#32495 ) Closes #26178 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-10-04 08:27:37 -04:00
Alexander Schwartz	d8c8c6a0be	Fixing broken links after KC26 docs changes (#33577 ) Closes #33576 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-04 13:59:47 +02:00
Stian Thorgersen	64e096d89c	Update 26_0_0.adoc Signed-off-by: Stian Thorgersen <stianst@gmail.com>	2024-10-04 10:54:19 +02:00
Stian Thorgersen	81f1974f7a	Re-order items in release notes for 26 (#33551 ) Signed-off-by: stianst <stianst@gmail.com>	2024-10-04 06:47:08 +02:00
Jon Koops	b475f936d5	Use `crypto.randomUUID()` to generate UUIDs for Keycloak JS (#33518 ) Closes #33515 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-03 12:07:57 -03:00
Stian Thorgersen	2be2b2ffe5	Upgrade guide updates for renaming account, admin, and login features (#33521 ) * Upgrade guide updates for renaming account, admin, and login features Signed-off-by: stianst <stianst@gmail.com> * Update docs/documentation/upgrading/topics/changes/changes-26_0_0.adoc Signed-off-by: Stian Thorgersen <stian@redhat.com> --------- Signed-off-by: stianst <stianst@gmail.com> Signed-off-by: Stian Thorgersen <stian@redhat.com>	2024-10-03 15:05:48 +02:00
vramik	b7eaa9b0cb	Wildcard search not working for custom user attributes Closes #32451 Signed-off-by: vramik <vramik@redhat.com>	2024-10-03 08:48:36 -03:00
Maksim Zvankovich	35eba8be8c	Add option to include the organization id in the organization claims Closes #32746 Signed-off-by: Maksim Zvankovich <m.zvankovich@nexovagroup.eu> Co-authored-by: Stefan Guilhen <sguilhen@redhat.com>	2024-10-03 08:11:36 -03:00
Jon Koops	aacdf80664	Add shim for Web Crypto API to admin and account console (#33480 ) Closes #33330 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-03 10:51:23 +00:00
mposolda	41c72d46d2	Document users hashed passwords with argon2 does not work in FIPS environment closes #33296 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-10-03 08:47:45 +02:00
Pedro Aguiar	f60be4bf8e	update: fix typo "a email" (#33482 ) - "a email" becomes "an email". Signed-off-by: Pedro Aguiar <contact@codespearhead.com>	2024-10-02 19:34:33 +02:00
Alexander Schwartz	cb12f03003	Rework AWS Lambda doc to show it is required (#33462 ) Closes #33461 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-10-02 12:42:11 +02:00
vramik	c1653448f3	[Organizations] Allow orgs to define the redirect URL after user registers or accepts invitation link Closes #33201 Signed-off-by: vramik <vramik@redhat.com>	2024-10-02 07:37:48 -03:00
Jon Koops	21704a70c1	Update documentation and release notes for Keycloak JS (#33409 ) Closes #32843 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-10-01 10:29:23 +02:00
vramik	412f1f85a9	Update Organization documentation Closes #33410 Signed-off-by: vramik <vramik@redhat.com>	2024-10-01 09:29:49 +02:00
Peter Zaoral	d5d6390b1c	Make Keycloak fail with an error when the persisted build options differs from those provided (#33241 ) * PropertyException is now thrown instead of a warning * Operator guides clarification around health and metrics options Closes: #32717 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2024-09-30 19:28:23 +02:00
Stan Silvert	b4a200d333	Fixes release notes section on new login theme, keycloak.v2 (#33359 ) * Fixes #33351 Signed-off-by: Stan Silvert <ssilvert@redhat.com> * Fixes #33351 Signed-off-by: Stan Silvert <ssilvert@redhat.com> * Ignore saml.xml.org because of expired cert. Signed-off-by: Stan Silvert <ssilvert@redhat.com> --------- Signed-off-by: Stan Silvert <ssilvert@redhat.com>	2024-09-30 15:38:29 +02:00
Steven Hawkins	5d99d91818	fix: allows for the detection of a master realm with --import-realms (#32914 ) also moving initial bootstrapping after import closes: #32689 Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-09-30 14:40:16 +02:00
Steven Hawkins	53102521d2	fix: correcting the recovery upgrade note (#33356 ) closes: #33307 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-09-30 08:22:29 -04:00
Steven Hawkins	cf2ecf87f6	fix: add the proxy-protocol option (#33276 ) * fix: add the proxy-protocol-enabled option closes: #10492 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/guides/server/reverseproxy.adoc Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-09-27 23:44:59 +02:00
Václav Muzikář	fc76bad1fd	Undeprecate `https-trust-store-*` options and enhance mTLS docs Closes #33172 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-09-27 18:07:57 +02:00
Stefan Guilhen	b717810061	Update organizations documentation in the server admin guide Closes #33199 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-09-27 16:27:54 +02:00
Stefan Guilhen	e2810b788e	Fix duplicated screenshot in Authorization Services Guide Closes #23028 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-09-27 09:05:06 +02:00
Stefan Guilhen	d87f67b4e6	Fix duplicated screenshots in the Fine grain admin permissions section of the Server Admin Guide Closes #31083 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-09-27 09:04:01 +02:00
Marek Posolda	061e74267f	Release notes update with the core-clients contributions (#33279 ) closes #32990 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-09-26 06:53:33 +02:00
mposolda	8f038f19dd	Upgrade BCFIPS to 2.0 closes #30415 Signed-off-by: mposolda <mposolda@gmail.com>	2024-09-26 06:52:21 +02:00
Jon Koops	021a2af2fd	Compute SHA-256 digest for PKCE using the Web Crypto API (#33251 ) Closes #33250 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-09-25 16:19:16 +02:00
Ryan Emerson	adb8d989f5	Allow Embedded Cache sizes to be configured via the CLI Closes #31514 Signed-off-by: Ryan Emerson <remerson@redhat.com>	2024-09-24 14:35:24 +02:00
mposolda	a79d95d1bc	Documentation note about Java 8 support for client libraries closes #33186 Signed-off-by: mposolda <mposolda@gmail.com>	2024-09-23 11:54:39 +02:00
Martin Bartoš	84564f080a	Redirect to relative-path from the root path (#32868 ) Closes #32863 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-09-18 16:37:28 +02:00
mposolda	f1ec0a9bb6	Release notes and upgrading guide for the client libraries closes #30815 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Marek Posolda <mposolda@gmail.com>	2024-09-18 14:52:11 +02:00
Vlasta Ramik	4ce40be1af	Make the ORGANIZATION a default feature (#32404 ) Closes #32395 Signed-off-by: vramik <vramik@redhat.com>	2024-09-18 12:19:28 +02:00
Jon Koops	8bb3598129	Remove deprecated `setOrCreateChild()` method from Admin Client (#33022 ) Closes #33021 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-09-18 09:33:54 +02:00
Jon Koops	cf90247441	Ignore documentation links with broken certificate (#33026 ) Closes #33023 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-09-17 13:17:32 +02:00
Václav Muzikář	83c00731c3	Upgrade to Quarkus 3.14.2 (#32519 ) Closes #32517 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-09-13 20:18:48 +02:00
Martin Bartoš	45ef84a397	Possibility to separately specify log levels for log handlers - basic (#32779 ) * Possibility to separately specify log levels for log handlers Closes #32619 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> * Edit properties description Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2024-09-13 12:05:03 +02:00
Steven Hawkins	f0bf290c28	fix: add a reload period property (#32715 ) closes: #23771 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-09-13 09:47:21 +02:00
Jon Koops	188893222f	Remove references of statically served Keycloak JS from documentation Closes #32821 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-09-12 09:38:00 +02:00
Pedro Ruivo	24fce87a8e	Deprecate old remote store (feedback) Closes #32577 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-11 14:08:53 +00:00
Alexander Schwartz	b88ecc0237	Removing the extra two-minute Window for persistent user sessions (#32660 ) Closes #28418 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-09-09 09:28:48 +02:00
Giuseppe Graziano	a14548a7a2	Lightweight access tokens for Admin REST API (#32347 ) * Lightweight access tokens for Admin REST API Closes #31513 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-09-04 18:04:23 +02:00
Pedro Ruivo	3274591fe1	Deprecate old remote store Closes #32577 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-09-04 10:25:51 +00:00
rmartinc	cce9ae94c7	Move documentation to keycloak-client Closes #31870 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-09-04 10:55:46 +02:00
Theresa Henze	a1c23fef8c	introduce event types to update/remove credentials Closes #10114 Signed-off-by: Theresa Henze <theresa.henze@bare.id>	2024-09-03 18:27:27 +02:00
Thomas Darimont	88a5c96fff	Add `kc_action` to redirect URI after a required action is cancelled (#31925 ) Closes #31894 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-09-03 14:26:23 +00:00
Jon Koops	2d17024b14	Remove `redirect_uri` support from OIDC logout endpoint Closes #10983 Signed-off-by: Jon Koops <jonkoops@gmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2024-08-30 12:52:49 +00:00
Michal Hajas	af53af1506	Document persistent sessions are enabled by default Closes #32387 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-08-30 09:20:58 +00:00
Steve Hawkins	c9779cfa24	fix: adding a first-class option for trusted proxies closes: #32135 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-29 14:00:27 +02:00
Václav Muzikář	7d3dcae96e	Additional datasources now require XA (#32403 ) * Additional datasources now require XA Closes #32402 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Apply suggestions from code review Co-authored-by: Steven Hawkins <shawkins@redhat.com> Signed-off-by: Václav Muzikář <vaclav@muzikari.cz> * Relax validation Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Added a note on recovery Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> * Fix `CustomJpaEntityProviderDistTest` Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> --------- Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Signed-off-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Steven Hawkins <shawkins@redhat.com>	2024-08-29 11:16:38 +02:00
Václav Muzikář	9bbfec5cdd	Remove GELF (#32230 ) Closes #27365 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-08-28 21:25:05 +02:00
Steven Hawkins	29eb0171de	task: remove hostname v1 (#32352 ) closes: #27731 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-28 17:48:06 +02:00
Yuvi Panda	5210b7e546	Use Google as example, not Google+ Google+ no longer exists Signed-off-by: Yuvi Panda <yuvipanda@gmail.com>	2024-08-26 10:18:52 +02:00
Jon Koops	5ac8ffa5b5	Move unrelated files out of `common` resources (#32285 ) Closes #24861 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-08-22 09:57:15 +02:00
Steven Hawkins	087647dab3	fix: adding docs around client redirect uris and hostname-strict (#32101 ) * fix: adding docs around admin client redirect uris and hostname-strict closes: #31640 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2024-08-21 14:19:30 +00:00
yelhouti	e8840df0e0	Fix: admin GUI not working with 1000s of realms Search by RealmName is done before loading all realms when filtering Closes #31956 Signed-off-by: Youssef El Houti <youssef.elhouti@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-08-21 14:58:36 +02:00
Pedro Igor	c1f6d5ca64	Support for selecting an organization when requesting the organization scope Closes #31438 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-21 13:04:58 +02:00
Pedro Ruivo	4675a4eda9	Deprecate UserSessionCrossDCManager Fixes #31878 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-08-21 08:52:39 +02:00
Pedro Igor	eeae50fb43	Make sure federationLink always map to the storage provider associated with federated users Closes #31670 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-20 11:27:22 +02:00
Stefan Guilhen	fa7c2b5da6	Address review comments Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-19 09:06:35 -03:00
Stefan Guilhen	f82159cf65	Rework logic to fetch IDPs for the login page so that IDPs are fetched from the provider and not filtered in code. Closes #32090 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-08-19 09:06:35 -03:00
Václav Muzikář	cb418b0bfc	Upgrade to Quarkus 3.13.2 (#31678 ) * Upgrade to Quarkus 3.13.2 Closes #31676 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Peter Zaoral <pzaoral@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-08-16 11:41:34 +02:00
Erik Jan de Wit	e85f25434f	added documentation on how use npm packages (#31426 ) Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-08-16 11:09:18 +02:00
Michal Hajas	36ad5fb3bd	Remove information about online_user_session table Closes #32178 Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2024-08-16 09:23:14 +02:00
Stian Thorgersen	310824cc2b	Remove legacy cookies Closes #16770 Signed-off-by: stianst <stianst@gmail.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-08-15 15:27:38 +02:00
Yoshiyuki Tabata	cb6eb187ac	Client Policy - Condition : Client - Client Attribute Closes https://github.com/keycloak/keycloak/issues/31766 Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>	2024-08-14 09:56:56 +02:00
Alexander Schwartz	d4991ce56f	Fix server guide cross-references for downstream docs Closes #31947 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-08-13 14:51:01 -03:00
Martin Bartoš	d17a48f8f8	Add docs for the OpenTelemetry tracing Closes #31908 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2024-08-13 08:46:48 +02:00
Steven Hawkins	ea3937f37c	fix: always replacing placeholders (#31871 ) closes: #31625 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-08-12 16:20:47 +00:00
rmartinc	347f595913	Add ECDH-ES encyption algorithms to the java keystore key provider Closes #32023 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-09 15:57:51 +02:00
Pedro Igor	3ab2446074	Do not return identity providers when querying the realm representation Closes #21072 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-08-07 10:06:51 -03:00
rmartinc	acbbfde4ab	Adding upgrading notes for brute force changes Closes #31960 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-07 14:38:30 +02:00
Ryan Emerson	db14ab1365	Refactor HA guide to refer to generic multi-site deployments Old Active/Passive guides replaced with Active/Active architecture, but A/P vs A/A distinction hidden from users in favour of generic multi-site docs. Closes #31029 Signed-off-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-08-07 08:22:59 +00:00
Tero Saarni	62fd969fe1	Allow requests from local IPv6 addresses If administrator selects EXTERNAL for Require SSL setting, allow clear-text HTTP requests when client is coming from IPv6 link-local or unique local address (ULA). Previously only private IPv4 addresses were allowed and private IPv6 addresses were rejected. Closes #30678 Signed-off-by: Tero Saarni <tero.saarni@est.tech>	2024-08-05 16:38:55 +02:00
rmartinc	942d5d0aa3	Convert chapter planning for securing applications and services to guides Final removal of the securing_apps documentation Final checks for links, order and other minor things Closes #31328 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-08-01 16:45:56 +02:00
Giuseppe Graziano	adb2af442a	Move token exchange documentation to guides (#31707 ) Closes #31334 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-07-30 21:04:05 +02:00
Giuseppe Graziano	a3c9944610	Move Keycloak JavaScript adapter to guides (#31751 ) Closes #31695 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-07-30 18:39:33 +02:00
rmartinc	b07b120f2a	Convert chapter client registration CLI from securing apps into guides Closes #31333 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-30 18:30:46 +02:00
rmartinc	b2b27f8a4e	Convert chapter client registration service from securing apps into guides Closes #31332 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-30 18:30:46 +02:00
Giuseppe Graziano	e1266c2678	Move mod-auth-openidc.adoc to guides Closes #31697 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-30 18:23:40 +02:00
Peter Zaoral	07cfdac862	Document admin bootstrapping and recovery Closes: #30011 Signed-off-by: Peter Zaoral <pzaoral@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2024-07-30 15:45:56 +02:00
Giuseppe Graziano	ca2b6dc754	Move Node.js adapter to guides Closes #31696 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-30 11:29:51 +02:00
Marek Posolda	5b52117351	Documentation for Delete Credential action and related changes (#31719 ) closes #31718 Signed-off-by: mposolda <mposolda@gmail.com> Signed-off-by: Marek Posolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-07-30 10:05:14 +02:00
Giuseppe Graziano	c3019fb2d3	Move oidc documentation to guides (#31627 ) Closes #31329 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-07-30 09:46:14 +02:00
Steven Hawkins	22f8e5cdf0	Added field to the RealmImport spec to replace environment variables within the realm import (#31232 ) * Added field to the RealmImport spec to replace environment variables within the realm import Closes #26470 Signed-off-by: stustison <scott.tustison@gmail.com> * Added field to the RealmImport spec to replace environment variables within the realm import Closes #26470 Signed-off-by: stustison <scott.tustison@gmail.com> * testing refinement for placeholder handling closes: #26470 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * changing from placeholdersecret to placeholder Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/guides/operator/realm-import.adoc Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Update docs/documentation/release_notes/topics/26_0_0.adoc Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: stustison <scott.tustison@gmail.com> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: stustison <scott.tustison@gmail.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-07-29 11:16:09 +02:00
rmartinc	e97ffe7a32	Convert chapter docker registry from securing apps into guides Closes #31331 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-26 15:39:51 +02:00
Alexander Schwartz	227c71f7f0	Persisting revoked access tokens Closes #31296 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-26 11:46:14 +02:00
rmartinc	e30230488e	Convert chapter mod_auth_mellon from securing apps into guides Closes #31569 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-24 21:16:49 +02:00
Pedro Igor	f4b1a5ca88	Updating docs Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-24 15:12:16 -03:00
Maciej Mierzwa	97e89e2071	feature: password age in days policy Closes #30210 Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>	2024-07-24 15:12:16 -03:00
rmartinc	9f2eddead8	Re-add notes about not supporting DPoP and holder-of-key in the remaining adapters Closes #30874 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-24 11:55:47 +02:00
rmartinc	ccab30d5f2	Move saml documentation to guides Closes #31330 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-24 11:50:24 +02:00
Thomas Darimont	dbd4079f92	Allow users to customize the footer of a login theme (#31391 ) Closes #31390 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-07-23 09:29:38 +02:00
Hynek Mlnarik	a7374f92be	Update login theme to login v2 Fixes: #29009 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-07-18 14:33:22 +02:00
rmartinc	764ef4831a	Release notes and some notes for JavaKeystoreProvider changes Closes #31226 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-17 10:44:45 +02:00
Stian Thorgersen	865c2dabea	Update themes.adoc (#31362 ) Closes #30816 Signed-off-by: Stian Thorgersen <stianst@gmail.com>	2024-07-17 10:32:45 +02:00
Thomas Darimont	e79d10e71e	Add missing user event translations to admin-ui Fixes #27677 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-12 10:04:57 +02:00
Steven Hawkins	4970a9b729	fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD closes: #30658 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-07-11 18:07:57 +02:00
rmartinc	e80c3fee9b	Change link to https://github.com/eclipse/microprofile/wiki/JWT_Auth Closes #31219 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-11 18:03:57 +02:00
Steve Hawkins	9247029ca3	fix: removes the operator's usage of the v1 proxy option closes: #30945 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-07-11 14:21:50 +02:00
rmartinc	096e335a92	Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider Closes #30880 Closes #29755 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-11 12:40:45 +02:00
Lucy Linder	0f7c2364f0	Update links in ReCAPTCHA doc Google links changed and are now causing redirect issues reports. Closes: #31187 Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>	2024-07-11 00:27:09 +02:00
Martin Kanis	922eaa9fc8	Disable username prohibited chars validator when email as username is… (#31140 ) * Disable username prohibited chars validator when email as the username is set Closes #25339 Signed-off-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-10 09:46:24 -03:00
rmartinc	ce195b81f8	Improve consent deletion when a realm is removed Closes #30992 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-07-10 09:44:42 +02:00
Gilvan Filho	a918eb1e30	Fix user storage spi jpa quickstart description Closes #30941 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-07-08 14:44:41 +02:00
Pedro Igor	1a8075d62a	Update migration and upgrade guides about GroupRemovedEvent no longer fired when removing a realm Closes #30919 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-05 10:14:30 +02:00
Pedro Igor	b745ac8259	Documenting LDAP connection pooling Closes #30995 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-07-04 13:21:47 +02:00
Steven Hawkins	a7ae90cbb6	fix: adds affinity and other scheduling to the operator (#29977 ) closes: #29258 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-07-03 20:07:03 +02:00
Thomas Darimont	f34bb21af6	Fix deprecations in common module - Use charset in `Encode` class - Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase` - Remove usage of deprecated AccessController class in Reflections - Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction Fixes #22209 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-07-02 16:02:35 +00:00
Peter Zaoral	add45a25a8	Add default CPU limit/request for the operator (#30601 ) Closes: #27432 Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2024-07-01 15:12:43 +02:00
Christoph Schulz	657aff787f	Add missing comma to (#30914 ) Signed-off-by: Christoph Schulz <mail@ciis0.de> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2024-06-28 13:13:13 +00:00
Stan Silvert	a1445cd93f	Minor doc fix. (#30899 ) Signed-off-by: Stan Silvert <ssilvert@redhat.com>	2024-06-27 16:18:32 -04:00
andymunro	30264c7dd4	Remove inclusive language foreword Closes #30856 Signed-off-by: AndyMunro <amunro@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-27 15:22:03 +02:00
Douglas Palmer	5af3001122	Check if OSGI metadata can be removed entirely Closes #29104 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-25 14:12:33 +02:00
Douglas Palmer	54f4ab50f0	Broken external links Closes #30717 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-06-25 09:55:50 +02:00
Jon Koops	df18629ffe	Use a default Java version from root POM (#29927 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-21 14:19:31 +02:00
Pedro Igor	a0ad680346	Adding an alias to organization and exposing them to templates Closes #30312 Closes #30313 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-20 14:36:14 -03:00
Jon Koops	77fb3c4dd4	Use correct host URL for Admin Console requests (#30535 ) Closes #30432 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-06-19 15:21:53 +02:00
CARBONNEAUX Mathieu	acf79b81c7	add RS256 algorithm to webauthn default policy (#30528 ) closes #28020 Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>	2024-06-19 10:16:46 +02:00
Pedro Ruivo	5c0dddd837	Batch cluster events Sending multiple events in a single network request should minimize latency and traffic. Closes #30445 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-06-14 21:14:22 +02:00
Thibault Morin	f6fa869b12	feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619 ) * feat: add Artifact Binding on brokering scenarios when Keycloak is SP Signed-off-by: tmorin <git@morin.io> * Adding broker test and minor improvements Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing IdentityProviderTest Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Renaming methods related to idp initiated flows Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> * Fixing partial_import_test.spec.ts Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> --------- Signed-off-by: tmorin <git@morin.io> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-14 08:54:49 -03:00
Pedro Ruivo	18a6c79011	Infinispan Protostream Marshaller (#29474 ) Closes #29394 Signed-off-by: Pedro Ruivo <pruivo@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-06-13 18:02:46 +02:00
Kohei Tamura	d96967682b	Improve procedure for handling open transactions (#29748 ) Signed-off-by: k-tamura <ktamura.biz.80@gmail.com>	2024-06-12 23:21:24 +02:00
Martin Bartoš	04b16a914c	Remove link to management interface guide from ignored links in docs Closes #28475 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-06-12 11:50:21 +02:00
daviddelannoy	d4fc5249c4	fix label error for persistent-user-sessions feature flag in documentation Closes #30368 Signed-off-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>	2024-06-12 09:32:10 +00:00
Pedro Igor	e6df8a2866	Allow multiple instances of the same social broker in a realm Closes #30088 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-11 12:44:10 -03:00
Pedro Igor	22da43c619	Fixing broken link (#30299 ) Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-06-10 15:22:48 +02:00
Pedro Igor	c35bf11b1b	Adding organization section (#29796 ) Closes #28731 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-06-10 09:08:50 +02:00
Giuseppe Graziano	6067f93984	Improvements to refresh token rotation with multiple tabs (#29966 ) Closes #14122 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-07 12:02:36 +02:00
Steven Hawkins	5059a02eb2	fix: minor refinements to collection utils (#29536 ) closes: #29535 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 10:07:34 -04:00
Steven Hawkins	c7e9ee2bff	fix: adds handling for all kcadm prompts as env variables (#29430 ) closes: #21961 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-06-06 13:08:23 +00:00
Marek Posolda	79c8c80058	Example for X.509 direct grant flow authentication (#30203 ) closes #29639 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-06-06 11:58:09 +02:00
Erik Jan de Wit	5897334ddb	Align environment variables between consoles (#30125 ) * change to make authServerUrl the same as authUrl fixes: #29641 Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> * Remove `authUrl` entirely Signed-off-by: Jon Koops <jonkoops@gmail.com> * Remove file that is unrelated Signed-off-by: Jon Koops <jonkoops@gmail.com> * Split out and align environment variables between consoles Signed-off-by: Jon Koops <jonkoops@gmail.com> * Restore removed variables to preserve backwards compatibility Signed-off-by: Jon Koops <jonkoops@gmail.com> * Also deprecate the `authUrl` for the Admin Console Signed-off-by: Jon Koops <jonkoops@gmail.com> --------- Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com> Signed-off-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com>	2024-06-06 08:36:46 +02:00
Giuseppe Graziano	d5e82356f9	Encrypted KC_RESTART cookie and removed sensitive notes Closes #keycloak/keycloak-private#162 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-06-05 10:33:44 +02:00
Marek Posolda	193439788e	Release notes for support application/jwt response in token introspec… (#30105 ) closes #30104 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-06-04 06:49:13 +02:00
Martin Bartoš	262fc09edc	OpenJDK 21 support (#28518 ) * OpenJDK 21 support Closes #28517 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * x509 SAN UPN other name is not handled in JDK 21 (#904) closes #29968 Signed-off-by: mposolda <mposolda@gmail.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Marek Posolda <mposolda@gmail.com>	2024-06-03 14:17:28 +02:00
Peter Zaoral	cd2451d58b	Remove Oracle JDBC driver out of the box (#29895 ) Closes: #29491 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Peter Zaoral <pzaoral@redhat.com>	2024-05-31 17:21:19 +00:00
Alexander Schwartz	af23150343	Fixing typo in the upgrading guide for persistent sessions Closes #30028 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-31 13:18:34 +02:00
Miquel Simon	2c521bd64d	Upgrade supported PostgreSQL to version 16 Closes #29875 Signed-off-by: Miquel Simon <msimonma@redhat.com>	2024-05-29 16:31:40 +02:00
Marek Posolda	336b2c875f	Update release notes for Keycloak 25 (#29894 ) closes #29576 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-05-29 14:19:17 +02:00
mposolda	37c10b4d43	Improve documentation for the case when 'basic' client scope already exists closes #29880 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-29 13:32:05 +02:00
Ryan Emerson	5788263413	Document Failover Lambda for Active/Passive deployments Closes #29787 Signed-off-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-05-29 12:33:13 +02:00
Michal Hajas	61d0d56720	Document it is not possible to use rolling configuration upgrade for enabling persistent sessions Closes #29561 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-29 10:19:20 +02:00
Pedro Igor	bbb83236f5	Do not lower-case the username from the IdP when creating the federated identity Closes #28495 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-29 01:58:20 -03:00
Jon Koops	a3b2dd0735	Remove deprecated `ServerCookie` class (#29916 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-05-28 14:14:05 +00:00
Ryan Emerson	0f17f0abc5	Require external Infinispan be of version 15 or greater Signed-off-by: Ryan Emerson <remerson@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-22 11:26:26 +00:00
Alexander Schwartz	80de3a0a71	Allow migration of non-persistent sessions to persistent sessions Closes #29375 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-22 10:30:46 +02:00
rmartinc	f7044ba5c2	Use SessionExpirationUtils for validate user and client sessions Check client session is valid in TokenManager Closes #24936 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-05-22 10:12:20 +02:00
Marek Posolda	6dc28bc7b5	Clarify the documentation about step-up authentication (#29735 ) closes #28341 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-05-21 19:46:27 +02:00
mposolda	bbd4b60163	Update documentation after adapters removal closes #28792 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-21 09:34:48 +02:00
vramik	35df0140ee	Add a note to the migration guide about index name length for Oracle database Closes #29594 Signed-off-by: vramik <vramik@redhat.com>	2024-05-16 10:06:39 -03:00
Takashi Norimatsu	b4e7d9b1aa	Passkeys: Supporting WebAuthn Conditional UI (#24305 ) closes #24264 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com> Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: mposolda <mposolda@gmail.com>	2024-05-16 07:58:43 +02:00
Alexander Schwartz	8deca303e2	Update instruction on how to enable persistent sessions (#29490 ) Closes #29489 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-15 13:26:51 +02:00
Kamesh Akella	1d613d9037	Argon2 release notes and sizing guide update Closes #29033 Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-14 17:40:51 +02:00
mposolda	d8a7773947	Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests closes #12298 Signed-off-by: mposolda <mposolda@gmail.com>	2024-05-13 16:33:29 +02:00
christian2	e200ccfa53	Fix URL endpoint for Docker registry v2 authentication Closes #29132 Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>	2024-05-13 13:51:06 +02:00
Alexander Schwartz	6fbe207d64	Create documentation for persistent user sessions Closes #29218 Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-05-13 11:02:45 +02:00
mruzicka	6864ee0ead	doc: Quarkus launch rebuild optimization (#28320 ) Suggest a command which performs the update of the class loading indices only once. Closes #28336 Signed-off-by: Michal Růžička <michal.ruza@gmail.com>	2024-05-10 12:28:38 +02:00
AndyMunro	4a5055c3cc	Update create realm topics to replace Master Closes #29280 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-05-08 17:37:20 +02:00
Nathan Raj	8ff1ae0c08	Update stack-overflow.adoc (#29363 ) Corrected capitalisation for heading	2024-05-08 16:06:33 +02:00
Thore	4b194d00be	iso-date validator for the user-profile Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker. Closes #11757 Signed-off-by: Thore <thore@kruess.xyz>	2024-05-07 11:42:39 -03:00
Pedro Igor	d2c5fc86a9	Additional note on release and upgrade guides about partial update on user attributes Closes #28220 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-07 09:59:38 -03:00
Dimitri Papadopoulos Orfanos	9db1443367	Fix typos found by codespell in docs (#28890 ) Run `chmod -x` on files that need not be executable. Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-05-03 12:41:16 +00:00
Douglas Palmer	26eaa4f83f	Broken link in documentation Closes #29233 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-05-02 15:29:56 -03:00
Steven Hawkins	4697cc956b	further refinement of context handling (#28182 ) * fully removing providers and moving the keycloaksession creation / final cleanup also deprecated Resteasy utility methods closes: #29223 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-05-02 11:21:01 -04:00
Steven Hawkins	3b1ca46be2	fix: updating docs around -q parameter (#29151 ) closes: #27877 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-05-02 16:48:43 +02:00
Douglas Palmer	8d4d5c1c54	Remove redundant servers from the testsuite Closes #29089 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-30 17:39:32 +02:00
Jon Koops	a6e2ab5523	Remove `jaxrs-oauth-client` and OIDC `servlet-filter` adapters Closes #28784 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-04-26 15:56:57 +02:00
Douglas Palmer	cca660067a	Remove JAAS login modules Closes #28789 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	eae20c76bd	Remove KeycloakInstalled Signed-off-by: Douglas Palmer <dpalmer@redhat.com> Closes #28790	2024-04-26 09:30:35 +02:00
Douglas Palmer	b2f09feebf	Remove servlet filter saml adapters Closes #28786 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	3e13b40648	Remove Spring adapters Closes #28780 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	bf2c97065f	Remove SpringBoot adapters Closes #28781 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	43aa10e091	Remove Tomcat OIDC adapter Closes #28778 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-04-26 09:30:35 +02:00
Douglas Palmer	98faf6e6a0	Remove Tomcat SAML adapter Signed-off-by: Douglas Palmer <dpalmer@redhat.com> Closes #28783	2024-04-26 09:30:35 +02:00
Mark Banierink	ad32896725	replaced and removed deprecated token methods (#27715 ) closes #19671 Signed-off-by: Mark Banierink <mark.banierink@nedap.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-23 09:23:37 +02:00
Stefan Guilhen	8ca4bc77a1	Improve the performance of the queries used to find granted resources - simplifies the queries to avoid unnecessary join - creates two new indexes to speed up search time Closes #28861 Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>	2024-04-22 11:26:06 -03:00
Lex Cao	7e034dbbe0	Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393 ) Closes #26201. Signed-off-by: Lex Cao <lexcao@foxmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-22 11:30:14 +02:00
Pedro Ruivo	3e0a185070	Remove deprecated EnvironmentDependentProviderFactory.isSupported method Closes #26280 Signed-off-by: Pedro Ruivo <pruivo@redhat.com>	2024-04-19 16:36:49 +02:00
Ricardo Martin	fc6b6f0d94	Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131 ) (#28872 ) Closes keycloak/keycloak-private#113 Closes keycloak/keycloak-private#134 Signed-off-by: rmartinc <rmartinc@redhat.com> Co-authored-by: Stian Thorgersen <stianst@gmail.com>	2024-04-18 16:02:24 +02:00
Martin Bartoš	7f74286106	Emphasize the need for setting container limit Closes #28729 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-18 15:44:27 +02:00
rmartinc	ddacfbdefd	Remove deprecated LinkedIn social provider Closes #23127 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-18 10:10:58 +02:00
Martin Bartoš	1fb83bb165	Release notes and Migration guide for Hostname v2 (#28621 ) Closes #27730 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vmuzikar@redhat.com> Co-authored-by: Peter Zaoral <pzaoral@redhat.com>	2024-04-17 09:29:59 +02:00
Alexander Schwartz	5b4a69a6e9	Limit the concurrency of password hashing to the number of CPU cores available Closes #28477 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-15 15:05:09 +02:00
Steven Hawkins	58398d1f69	fix: replaces aesh with picocli (#28276 ) * fix: replaces aesh with picocli closes: #28275 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * fix: replaces aesh with picocli closes: #28275 Signed-off-by: Steve Hawkins <shawkins@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-15 13:04:58 +00:00
Christopher Miles	1646315939	Deny list lower cases all passwords when loading from file Closes #28381 We always lower case the inbound password before comparing against the deny list yet the deny list may contain passwords that contain upper case letters. With this change we will now convert passwords from the deny list into lower case while loading, ensuring that more passwords match the deny list. Signed-off-by: Christopher Miles <twitch@nervestaple.com>	2024-04-15 08:49:37 +02:00
Marek Posolda	e6747bfd23	Adjust priority of SubMapper (#28663 ) closes #28661 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-12 14:13:03 +02:00
Martin Bartoš	a3669a6562	Make general cache options runtime (#28542 ) Closes #27549 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-12 11:56:11 +02:00
rmartinc	6d74e6b289	Escape slashes in full group path representation but disabled by default Closes #23900 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-04-12 10:53:39 +02:00
Marek Posolda	74faddec8e	Release notes for lightweight access tokens and group together relate… (#28622 ) closes #28460 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-11 20:02:33 +02:00
Jon Koops	9b94b6f47e	Add release notes for changes to Account and Admin consoles (#28545 ) Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-04-11 08:42:08 +02:00
Marek Posolda	13daaa55ba	Documentation for changes related to 'You are already logged in' scen… (#28595 ) closes #27879 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-04-11 08:18:41 +02:00
Giuseppe Graziano	33b747286e	Changed userId value for refresh token events Closes #28567 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-11 07:46:44 +02:00
Giuseppe Graziano	c76cbc94d8	Add sub via protocol mapper to access token Closes #21185 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-10 10:40:42 +02:00
Martin Bartoš	b2c88e9876	docs: Support management port for health and metrics (#28213 ) Relates to #19334 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>	2024-04-09 14:33:30 +02:00
Alexander Schwartz	3ba9a905c9	Provide histograms for http server metrics Closes #28178 Co-authored-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-04-09 12:52:42 +02:00
Stian Thorgersen	a499512f35	Set SameSite for all cookies (#28467 ) Closes #28465 Signed-off-by: stianst <stianst@gmail.com>	2024-04-09 12:29:19 +02:00
Steve Hawkins	9afe3a2560	fix: changing max threads default closes: #17483 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-04-09 12:14:56 +02:00
Martin Bartoš	9c1790af68	Enable Syslog log handler (#28462 ) * Enable syslog log handler Closes #27544 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Suggest an alternative to GELF Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-04-08 17:38:20 +02:00
Pedro Igor	52ba9b4b7f	Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user Closes #28248 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-08 09:05:16 -03:00
Giuseppe Graziano	b4f791b632	Remove session_state from tokens Closes #27624 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-08 08:12:51 +02:00
Stian Thorgersen	b9feaec38e	Ignore all links to GitHub when checking external links in docs due to rate limiting issues (#28472 ) Closes #28330 Signed-off-by: stianst <stianst@gmail.com>	2024-04-05 15:36:38 +02:00
Pedro Igor	8fb6d43e07	Do not export ids when exporting authorization settings Closes #25975 Co-authored-by: 박시준 <sjpark@logblack.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-04-04 19:26:03 +02:00
Clemens Zagler	b44252fde9	authz/client: Fix getPermissions returning wrong type Due to an issue with runtime type erasure, getPermissions returned a List<LinkedHashSet> instead of List<Permission>. Fixed and added test to catch this Closes #16520 Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>	2024-04-02 11:09:43 -03:00
Giuseppe Graziano	fe06df67c2	New default client scope for 'basic' claims with 'auth_time' protocol mapper Closes #27623 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2024-04-02 08:44:28 +02:00
Steven Hawkins	e9ad9d0564	fix: replace aesh with picocli (#27458 ) * fix: replace aesh with picocli closes: #27388 Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java Co-authored-by: Martin Bartoš <mabartos@redhat.com> * splitting the error handling for password input Signed-off-by: Steve Hawkins <shawkins@redhat.com> * adding a change note about kcadm Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc Co-authored-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2024-03-28 14:34:06 +01:00
Gilvan Filho	757c524cc5	Password policy for not having username in the password closes #27643 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-03-28 08:29:03 +01:00
Stian Thorgersen	c3a98ae387	Use Argon2 as default password hashing algorithm (#28162 ) Closes #28161 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 13:04:14 +00:00
rmartinc	d4da0c816c	Upgrading note to warn truststore changes affect webauthn registration Closes #28113 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-22 10:58:48 +01:00
Steven Hawkins	619775b8db	fix: simplifies the parsing routine, which accounts for leading 0's (#28102 ) closes: #27839 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-22 09:19:52 +01:00
Stian Thorgersen	cae92cbe8c	Argon2 password hashing provider (#28031 ) Closes #28030 Signed-off-by: stianst <stianst@gmail.com>	2024-03-22 07:08:09 +01:00
Steven Hawkins	cbe185fbab	doc: add a note about lack of other JAX-RS support (#28048 ) closes: #27057 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 16:59:22 +01:00
Steven Hawkins	7eab019748	task: deprecate WILDCARD and STRICT options (#26833 ) closes: #24893 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 16:22:41 +01:00
Alexander Schwartz	c4fdf1cee7	Enable HTTP metrics for Keycloak by default (#28088 ) Closes #27924 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-21 16:18:03 +01:00
Steve Hawkins	91c89c28e7	fix: changes xa transaction related defaults xa is not enabled by default recovery is enabled by default closes #27308 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-21 16:01:19 +01:00
Sebastian Schuster	0542554984	12671 querying by user attribute no longer forces case insensitivity for keys Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>	2024-03-21 08:35:29 -03:00
Alexander Schwartz	fbdb2ed9f7	Updated performance impact due to changed hashing Fixes #27900 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-19 09:30:49 +01:00
AndyMunro	d61b1ddb09	Edit use of Keycloak in Server Admin Guide Closes #27955 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-03-18 09:51:55 +01:00
Alexander Schwartz	62d24216e3	Remove offline session preloading Closes #27602 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-15 15:19:27 +01:00
Stian Thorgersen	2bddfe7380	Remove log4j from documentation tests (#27929 ) Signed-off-by: stianst <stianst@gmail.com>	2024-03-15 15:06:24 +01:00
AndyMunro	e40227fa50	Address comments on Securing Apps Closes #27867 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-03-15 13:04:05 +01:00
Stian Thorgersen	81f3f211f3	Delete all deprecated and unmaintained examples (#27855 ) Signed-off-by: stianst <stianst@gmail.com>	2024-03-15 07:24:20 +01:00
Steven Hawkins	1cc1911ec3	doc: adding a note about repairing a corrupted classloading index (#27906 ) relates to: #26396 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-14 16:47:07 +01:00
larsw	42244d2a67	doc/token-exchange.adoc: issuer claim -> iss claim (#27018 ) Fixed a typo in the text.	2024-03-14 13:37:40 +01:00
andymunro	be29be6741	Edit Keycloak 23 part of Upgrading Guide Closes #27484 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-03-14 11:03:58 +01:00
Alexander Schwartz	1788cf2b09	Enable Infinispan metrics automatically if overall metrics are enabled Closes #27724 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-13 18:55:45 +01:00
Alexander Schwartz	6de5325d1c	Limit the received content when handling the content as a String Closes #27293 Co-authored-by: rmartinc <rmartinc@redhat.com> Signed-off-by: rmartinc <rmartinc@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-13 16:43:03 +01:00
Steven Hawkins	e22148043b	doc: mention that the split package warning may not happen (#27789 ) closes: #26396 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-13 14:57:20 +01:00
Stian Thorgersen	1f772d2957	Move authenticator example to quickstarts (#27850 ) Signed-off-by: stianst <stianst@gmail.com>	2024-03-13 11:52:29 +00:00
stianst	15717cc152	Remove deprecated cookie code Closes #26813 Signed-off-by: stianst <stianst@gmail.com>	2024-03-12 17:24:14 +01:00
Alexander Schwartz	967ceddfbb	Fixing downstream documentation build (#27781 ) Closes #27780 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-12 08:37:41 +01:00
andymunro	66cffca3d4	Simplify Upgrade Guide structure Closes #27632 Signed-off-by: AndyMunro <amunro@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-11 16:22:46 +01:00
Alexander Schwartz	050acf0d94	Map Storage Removal: Remove deprecated model/legacy module (#27601 ) Closes #26657 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-08 15:17:24 +00:00
Martin Bartoš	c5553b46b4	Update Welcome page image in docs Closes #27719 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-03-08 15:00:36 +01:00
rmartinc	dea15e25da	Only add the nonce claim to the ID Token (mapper for backwards compatibility) Closes #26893 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-03-07 09:56:57 +01:00
Alexander Schwartz	fa12b14a32	Update docs about when emails for changed credentials are sent Closes #27620 Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-03-07 07:16:16 +01:00
Alexander Schwartz	2199d37879	Add multi-site active-passive support to the release notes (#27575 ) Closes #27573 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-06 12:59:22 +01:00
Alexander Schwartz	4b697009d3	Clean up feature IDs in the docs (#27418 ) Closes #27416 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-06 12:32:06 +01:00
Pedro Igor	d12711e858	Allow fetching roles when evaluating role licies Closes #20736 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-03-05 15:54:02 +01:00
Alexander Schwartz	aec6020750	URL change as liquibase.org now redirects Closes #27540 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-03-05 13:24:12 +01:00
Stian Thorgersen	d48ef8b507	Added release notes for 24.0.1 (#27524 ) Signed-off-by: stianst <stianst@gmail.com>	2024-03-05 08:46:10 +01:00
Stian Thorgersen	d875a8f2b7	Delete broken images from release notes (#27492 ) Signed-off-by: stianst <stianst@gmail.com>	2024-03-04 12:47:03 +01:00
Lucy Linder	84d48a9877	Update documentation for reCAPTCHA support Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>	2024-03-04 20:28:06 +09:00
Marek Posolda	f1e7c572da	Release notes 24: default password hashing updates (#27475 ) Signed-off-by: mposolda <mposolda@gmail.com>	2024-03-04 09:55:03 +01:00
AndyMunro	14a12d106a	Edit Keycloak 23.x release notes Closes #27440 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-03-02 21:20:58 +01:00
AndyMunro	405feb0bc2	Edit Keycloak 24 changes chapter Closes 27452 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-03-02 21:11:35 +01:00
Steven Hawkins	c2596849f9	doc: adding a note about not conflicting with built-in stuff (#27214 ) closes: #24459 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-03-01 14:34:16 +01:00
Václav Muzikář	3e3cb2222d	Deprecate GELF (#27367 ) Closes #27364 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-02-29 12:07:28 +01:00
Takashi Norimatsu	3db04d8d8d	Replace Security Key with Passkey in WebAuthn UIs and their documents closes #27147 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-02-29 10:31:05 +01:00
Marek Posolda	8dd0eb451d	Additional release notes for Keycloak 24 (#27339 ) closes #27142 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-29 08:43:22 +01:00
Alexander Schwartz	3950b4ed46	Cleaning old product documentation from the upstream documentation Closes #27324 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-02-28 13:30:39 +01:00
AndyMunro	941e7cc3a5	notes about access and refresh tokens Closes #26919 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-02-28 12:12:48 +01:00
AndyMunro	ca0526f54d	Edit Keycloak 24 release notes Closes #27326 Signed-off-by: AndyMunro <amunro@redhat.com>	2024-02-28 10:43:17 +01:00
Alexander Schwartz	6de61f61f0	Adding missing explicit IDs for cross-references Closes #27316 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-02-28 08:37:52 +01:00
Gilvan Filho	83af01c4c0	Add failedLoginNotBefore to AttackDetectionResource Closes #17574 Signed-off-by: Gilvan Filho <gfilho@redhat.com>	2024-02-26 09:35:51 +01:00
Pedro Igor	b98e115183	Updating docs and account message Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-02-22 22:58:22 +09:00
Pedro Igor	604274fb76	Allow setting an attribute as multivalued Closes #23539 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Jon Koops <jonkoops@gmail.com> Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>	2024-02-22 12:56:44 +01:00
Takashi Norimatsu	1e12b15890	Supporting OAuth 2.1 for public clients closes #25316 Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com> Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-02-22 10:57:29 +01:00
Douglas Palmer	b0ef746f39	Permanently lock users out after X temporary lockouts during a brute force attack Closes #26172 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>	2024-02-22 09:34:51 +01:00
Takashi Norimatsu	9ea679ff35	Supporting OAuth 2.1 for confidential clients closes #25314 Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com> Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-02-22 08:34:21 +01:00
Jon Koops	89af9e3ffd	Write announcement and documentation for Account Console v3 (#26318 ) Closes #26122 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-02-21 13:42:33 -05:00
Alexander Schwartz	3b6886d970	Add warning about too long attribute values as it can exhaust caches (#27126 ) Closes #27125 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-02-21 13:47:58 +01:00
Václav Muzikář	33425dacd9	Add `proxy-headers` option to the Keycloak CR (#27092 ) Closes #25179 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-02-21 12:19:37 +01:00
Václav Muzikář	de60c9b469	Tweak the default memory request and limit in the Operator (#27170 ) Closes #27169 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2024-02-21 10:03:17 +01:00
Takashi Norimatsu	1bdbaa2ca5	Client policies: executor for validate and match a redirect URI closes #25637 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-02-20 08:37:33 +01:00
Joshua Sorah	018914d7fd	Change Open ID Connect to OpenID Connect in UI and docs Closes #27093 Signed-off-by: Joshua Sorah <jsorah@redhat.com>	2024-02-19 17:01:57 +01:00
Takashi Norimatsu	849a920955	Rename Resident key to Discoverable Credential closes #9508 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2024-02-19 14:12:15 +01:00
Marek Posolda	d8ab12eab7	Release notes for Keycloak 24 with OIDC contributions (#27047 ) closes #25729 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-16 08:34:20 +01:00
Vlasta Ramik	76453550a5	User attribute value length extension Closes #9758 Signed-off-by: vramik <vramik@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Michal Hajas <mhajas@redhat.com>	2024-02-16 08:09:34 +01:00
Martin Bartoš	59007844d9	Supported option to specify resource management for pods in Keycloak CR (#26661 ) Closes #26456 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-02-15 13:38:41 +01:00
rmartinc	4ff4c3f897	Increase internal algorithm security using HS512 and 128 byte hmac keys Closes #13080 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-02-15 08:16:45 +01:00
Marek Posolda	16fca0118e	User profile - release notes and more migration instructions (#27003 ) closes #26917 closes #26932 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-15 08:14:16 +01:00
Marek Posolda	e2fb8406a3	Fixing the docs about default hashing iterations (#27020 ) closes #26816 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-15 08:11:44 +01:00
Joshua Sorah	b81233a4af	[docs] Align OAuth 2.0 Security Best Current Practice links (#24706 ) Closes keycloak/keycloak#24705 Signed-off-by: Joshua Sorah <jsorah@gmail.com>	2024-02-13 13:53:56 +01:00
Pedro Igor	750bc2c09c	Reviewing references to user attribute management and UIs Closes #26155 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-02-12 16:01:34 +01:00
mposolda	7af753e166	Documentation for AIA closes #25569 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-12 09:42:34 +01:00
Thomas Darimont	93fc6a6c54	Shorter lifespan for offline session cache entries in memory Closes #26810 Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com> Co-authored-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com> Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-02-09 19:44:04 +01:00
stianst	d2f74dd83d	Fix anchors in securing apps guide in prod profile Closes #26853 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-02-09 12:31:30 +01:00
Pedro Igor	b91ad23b20	Update theme documentation about the considerations when deploying custom themes (#26885 ) Related #23907 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-02-09 04:21:54 +01:00
Steven Hawkins	77581d2527	fix: change from operator. to kc.operator. keys (#26414 ) closes #12352 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-02-08 15:03:20 +01:00
Michal Hajas	de598577b1	Fix confusing SAML NameId mapper format tooltip Closes #26051 Signed-off-by: Michal Hajas <mhajas@redhat.com> Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>	2024-02-08 11:21:11 +01:00
Stian Thorgersen	cd1e483134	Remove section on adding custom attributes with account v1 and custom themes (#26858 ) Closes #26856 Signed-off-by: stianst <stianst@gmail.com>	2024-02-08 07:28:32 +01:00
Michael Schnitzler	fdfe41bdda	fix documentation for resetting OTP in "reset credentials" flow (#26834 ) The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled. Fixex #26834 Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com>	2024-02-07 11:57:58 -03:00
Tero Saarni	ac1780a54f	Added event for temporary lockout for brute force protector (#26630 ) This change adds event for brute force protector when user account is temporarily disabled. It also lowers the priority of free-text log for failed login attempts. Signed-off-by: Tero Saarni <tero.saarni@est.tech> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>	2024-02-07 14:13:33 +00:00
zak905	bcd423b270	rephrase sentence in changes-22_0_0.adoc for more clarity Signed-off-by: zak905 <zakaria.amine88@gmail.com>	2024-02-07 09:32:43 -03:00
zak905	c7db7bd528	Update custom rest endpoint documentation and example Add a mention about beans.xml and @Provider in the extending server documentation Add beans.xml in the rest provider example Add a mention about @Provider in the upgrading guides Closes #25882 Signed-off-by: zak905 <zakaria.amine88@gmail.com> Address suggested change for docs/documentation/server_development/topics/extensions.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Address suggested change for docs/documentation/server_development/topics/extensions.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: zak905 <zakaria.amine88@gmail.com> Address suggested change for docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com> Signed-off-by: zak905 <zakaria.amine88@gmail.com>	2024-02-07 09:32:43 -03:00
mposolda	ab7426b857	User profile migration documentation for default validations and strange attributes closes #26634 closes #25979 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-06 16:48:03 -03:00
Stian Thorgersen	c4b1fd092a	Use code from RestEasy to create and set cookies (#26558 ) Closes #26557 Signed-off-by: stianst <stianst@gmail.com>	2024-02-06 15:14:04 +01:00
Hynek Mlnarik	c866e8e6f9	Introduce index.ftl into base account theme Fixes: #26487 Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>	2024-02-06 14:29:07 +01:00
Alexander Schwartz	43c200a8ce	Update migration guide Closes #26490 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>	2024-02-05 14:41:44 +01:00
Pedro Igor	4338f44955	Reviewing the user profile documentation Closes #26154 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-02-02 17:14:51 +01:00
christian-2	e14b523a8d	Fixes typo in Server Administration guide (#26543 ) Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>	2024-02-01 19:36:32 +01:00
mposolda	56a605fae7	Documentation for SuppressRefreshTokenRotationExecutor closes #26587 Signed-off-by: mposolda <mposolda@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2024-02-01 17:18:50 +01:00
Martin Bartoš	14d97ca9ea	Update Maven dependency versions for docs Update Maven Wrapper version Closes #26689 Fixes #26686 Signed-off-by: Martin Bartoš <mabartos@redhat.com>	2024-02-01 13:42:25 +01:00
Pedro Igor	3a7ce54266	Allow formating numbers when rendering attributes Closes keycloak#26320 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2024-02-01 08:14:58 -03:00
Martin Kanis	a3fcacdab7	Map Store Removal: deprecate model legacy module Closes #26598 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-01-31 17:40:45 +01:00
Steven Hawkins	f55e903092	Convert watching to polling and adding infinispan config file support (#26510 ) Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2024-01-31 12:57:34 +00:00
Stian Thorgersen	bc3c27909e	Cookie Provider (#26499 ) Closes #26500 Signed-off-by: stianst <stianst@gmail.com>	2024-01-26 10:45:00 +01:00
Martin Kanis	7797f778d1	Map Store Removal: Rename legacy modules Closes #24107 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-01-25 16:29:16 +01:00
Thomas Darimont	e7363905fa	Change password hashing defaults according to OWASP recommendations (#16629 ) Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2): - Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512 - Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000 - Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000 - Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000 - Adapt PasswordHashingTest to new defaults - The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations. - Document changes in changes document with note on performance and how to keep the old behaviour. - Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly Fixes #16629 Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>	2024-01-24 18:35:51 +01:00
Stian Thorgersen	fea49765f0	Remove Jetty 9.4 adapters (#26261 ) Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters Closes #26255 Signed-off-by: stianst <stianst@gmail.com>	2024-01-24 11:17:29 +01:00
Martin Kanis	84603a9363	Map Store Removal: Rename Legacy* classes (#26273 ) Closes #24105 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2024-01-23 13:50:31 +00:00
Jon Koops	5bf2d4b6ec	Enable PKCE by default for Keycloak JS (#26412 ) Closes #26411 Signed-off-by: Jon Koops <jonkoops@gmail.com>	2024-01-23 14:04:13 +01:00
rmartinc	2f0a0b6ad8	Remove deprecated mode for saml encryption Closes #26291 Signed-off-by: rmartinc <rmartinc@redhat.com>	2024-01-18 16:52:10 +01:00
Lex Cao	a960d0d8fa	Add upgrading docs for changes to send-verify-email API Closes #26146. Signed-off-by: Lex Cao <lexcao@foxmail.com>	2024-01-18 09:48:01 +01:00

... 6 7 8 9 10 ...

980 commits