upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-03-09 09:52:35 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
28698 commits 27 branches 298 tags 885 MiB
Commit graph

259 commits

Author SHA1 Message Date
rmartinc
e0bba39da0 Allow configure encryption details for SAML clients 
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-18 20:13:40 +02:00
Martin Kanis
85b494ec51
Review and update the documentation regarding the UPDATE EMAIL feature 
Closes #40226

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-17 15:27:09 +00:00
Alexander Schwartz
180745b65f
Fix em-dash in SPI options in the docs 
Closes #41152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-16 12:18:09 -03:00
Pedro Igor
87f30a6285
Adding a config to the UPDATE_EMAIL action to force users to verify email 
Closes #32569

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-16 16:21:08 +02:00
mposolda
274afa88fa Add option 'Requires short state parameter' to OIDC IDP 
closes #40237

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-11 16:17:03 +02:00
Pascal Knüppel
f39a37d8d1
[OID4VCI] Move realm attributes to clientScope and protocol-mappers (#39768) 
fixes #39527


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-07-10 14:46:36 +02:00
Pedro Ruivo
9322d71d61
UserSession Offline removed from DB if not in cache 
Fixes #40754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-07 20:52:06 +02:00
Ricardo Martin
8624101701
Documentation changes for Passkeys (#40728) 
Closes #40705

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2025-06-27 14:59:46 +02:00
andymunro
e7b4f745ad
Clarify OpenShift instructions (#40488) 
Closes #40487

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-06-20 17:07:48 +02:00
Henrik S.
c952cb66ad
Update authentication flows documentation to match new GUI 
Closes #40514

Signed-off-by: Henrik S. <henrik.strath@volvocars.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-16 08:24:43 +00:00
Steven Hawkins
76bc9fadcb
fix: adding a -- separator for spi options (#40005) 
* fix: adding a -- separator for spi options

closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a warning for ambiguous spi options

also adding a note about the change

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc

* updating docs to the new format

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
#	docs/guides/high-availability/examples/generated/keycloak.yaml

* internally using the new spi options

also adding a deprecation notice

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* correcting options output

adding + + inlining where needed

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding test showing the env mapping with __

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-13 16:13:53 +02:00
Ricardo Martin
b89f8a0225
Documentation changes for the 2FA additions 
Closes #40001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-12 09:30:27 +02:00
mposolda
b03b9f9e3a Improve documentation of service-accounts and make it more clear. Delete the unused file service-accounts.adoc 
closes #39748

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-06-05 08:45:12 +02:00
Pedro Igor
7cc055f8a6 Verify brokered user email based on the email_verified claim from the ID Token returned by the OP 
Closes #39885

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-29 10:45:18 -03:00
Pedro Igor
e6e6fa60fa Adding OAuth2-based identity broker 
Closes #35266

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-27 12:07:01 -03:00
rmartinc
3c511635ba Skip AIA for webauthn register if a crendential of teh correct type already exists 
Closes #39191

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-20 18:09:12 +02:00
Kai J. Witt
c76bb0683c
Make max auth age configurable for all required actions by default 
Moved the current configuration implementation for the update password

Closes #39408

Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-05-15 08:44:38 +02:00
Awambeng
ea4ef74917
Fix doc(oid4vc): Correct realm-attributes example and update HTTP method in docs (#39409) 
Closes #39264

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-05-13 10:09:14 +02:00
rmartinc
4730dbdd8d Make recovery codes supported 
Closes #38994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-29 10:25:46 +02:00
mposolda
e9283ee71d Documentation for recovery codes (deprecation of password policy and required action config) 
closes #39245

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-29 09:29:38 +02:00
Emmanuel Lécharny
a48469896e
Added a link to the ApacheDS doc for server side password hashing 
Closes #39136

Signed-off-by: Emmanuel Lécharny <elecharny@gmail.com>
 2025-04-24 09:25:03 +00:00
Emmanuel Lécharny
1dc97d5d4d
Update ldap.adoc with ApacheDS details 
Added some precision about ApacheDS password management.

Closes #39136

Signed-off-by: Emmanuel Lécharny <elecharny@apache.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-04-23 07:55:59 +02:00
Marek Posolda
f8a4a8da86
Unexpected AIA Cause Server Errors 
closes #37526

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-17 14:15:07 +00:00
Pedro Igor
1ba8fe16ac
Deprecate for removal Instagram Identity Broker (#38998) 
Closes #37967
Closes #36562

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-17 09:07:06 +02:00
Pedro Igor
288b6dae12
More information to docs 
Closes #38798

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-10 20:03:05 +02:00
Pedro Igor
ae88d7921f
Improvements to partial evaluation 
Closes #38732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-09 18:15:28 +02:00
Pedro Igor
87430fc181
Add impersonate-members scope to group resource type 
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-07 14:56:27 +00:00
vramik
6488890585 [FGAP:V2] remove configure scope from Client resource type 
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-07 07:05:02 -03:00
Stefan Guilhen
c4c3e2eee6 Allow redirection to idp when user email matches any of the org domains 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>

Closes #33804
 2025-04-04 11:28:04 -03:00
Vlasta Ramik
18c8308bb4
[FGAP] Remove redundant sentense from fine grained admin permissions docs 
Closes #38677

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-04 09:41:17 +02:00
vramik
f076b99407 FGAP documentation 
Closes #37245

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-03 09:44:32 -03:00
Marek Posolda
6654e56a7c
Polish documentation for audience and client scopes (#38484) 
closes #19127

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2025-04-03 08:43:06 +02:00
rmartinc
a10c8119d4 Define a max expiration window for Signed JWT client authentication 
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-02 18:32:54 +02:00
Alexander Schwartz
e7474646ee
Explicit target for cross-reference 2FA in server admin guide (#38573) 
Closes #38572

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-04-01 13:29:30 +02:00
mposolda
cd4e5bc784 Release notes for oid4vci docs 
closes #38485

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-03-29 19:25:24 +01:00
Stefan Guilhen
89d659ee36 Add section about support for federated members in the organization documentation 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #38471
 2025-03-27 08:03:35 -03:00
Ricardo Martin
a7e63837db
Recovery codes documentation (#38407) 
Closes #30702

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-27 09:59:14 +01:00
Awambeng
27a7a301e7
Add documentation for configuring Keycloak as a VC issuer 
closes #38256

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-03-26 20:50:43 +01:00
Marek Posolda
db23d8e665
Clarify that XOAUTH2 configuration with Microsoft Office365 is community contributed 
Closes #38376

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-26 15:54:38 +01:00
Sebastian Rose
4fb1c41155 Sending Mails via SMTP and XOAUTH2 authentication mechanism 
Closes #17432

Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>
 2025-03-21 10:12:18 +01:00
Takashi Norimatsu
eb2153379a
DPoP: Refresh token created with DPoP can be refreshed without proof 
closes #36475

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-03-17 12:53:19 +01:00
andymunro
1f6f1571fd
update screens for new realm selector 
Closes #37083

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-03-15 10:54:00 +01:00
Marek Posolda
290905c9cf
Documentation for supported token-exchange (#38008) 
closes #37126

Signed-off-by: Marek Posolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-14 09:55:44 +01:00
Mihir Vadalia
11a20a2eb3
Documentation for Optional Email Events 
Closes #37998

Signed-off-by: Mihir Vadalia <mihir@defensepoint.com>
Co-authored-by: Mihir Vadalia <mihir@defensepoint.com>
 2025-03-11 21:21:45 +01:00
Stefan Guilhen
86b2a6a95c Fix docs to also mention roles 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
 2025-03-10 16:13:36 -03:00
Stefan Guilhen
d44ebfd4d1 Document the addition of the Relative User Creation DN 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-03-10 16:13:36 -03:00
Giuseppe Graziano
690b5ecb25
Grant Type condition for client policies (#37665) 
Closes #37124

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-02-27 11:51:06 +01:00
Jon Koops
3ccc88628f
Fix broken external link in Gitlab IdP docs (#37435) 
Closes #37434

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2025-02-18 11:03:53 +00:00
rmartinc
6850f41060 Force login in reset-credentials to federated users 
Closes #37207

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-02-12 13:47:39 -03:00
Pedro Igor
bf3dcda87b Updating messages 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-02-07 10:42:45 -03:00