Commit graph

677 commits

Author SHA1 Message Date
AndyMunro
941e7cc3a5 notes about access and refresh tokens
Closes #26919

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 12:12:48 +01:00
AndyMunro
ca0526f54d Edit Keycloak 24 release notes
Closes #27326

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 10:43:17 +01:00
Stian Thorgersen
693aa1710f
Added documentation for bug triage process (#27227)
Signed-off-by: stianst <stianst@gmail.com>
2024-02-28 09:41:52 +01:00
Alexander Schwartz
6de61f61f0 Adding missing explicit IDs for cross-references
Closes #27316

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 08:37:52 +01:00
Michal Hajas
eadd1c45c4
Document using AWS JDBC Wrapper in HA guide
Closes #27211

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-26 12:15:04 +00:00
Gilvan Filho
83af01c4c0 Add failedLoginNotBefore to AttackDetectionResource
Closes #17574

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-02-26 09:35:51 +01:00
Pedro Igor
b98e115183 Updating docs and account message
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-22 22:58:22 +09:00
Pedro Igor
604274fb76 Allow setting an attribute as multivalued
Closes #23539

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890 Supporting OAuth 2.1 for public clients
closes #25316

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35 Supporting OAuth 2.1 for confidential clients
closes #25314

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Alexander Schwartz
25f2b52afd Remove the preview note from Keycloak's HA guide
Closes #27084

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 19:59:15 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 (#26318)
Closes #26122

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-02-21 13:42:33 -05:00
Alexander Schwartz
5f56a9b356
Keycloak users should not need to understand the depths of Quarkus configuration to implement Keycloak HA (#27122)
Closes #27121

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:49:14 +01:00
Alexander Schwartz
3b6886d970
Add warning about too long attribute values as it can exhaust caches (#27126)
Closes #27125

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:47:58 +01:00
Václav Muzikář
33425dacd9
Add proxy-headers option to the Keycloak CR (#27092)
Closes #25179

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 12:19:37 +01:00
Václav Muzikář
de60c9b469
Tweak the default memory request and limit in the Operator (#27170)
Closes #27169

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 10:03:17 +01:00
Takashi Norimatsu
1bdbaa2ca5 Client policies: executor for validate and match a redirect URI
closes #25637

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd Change Open ID Connect to OpenID Connect in UI and docs
Closes #27093

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2024-02-19 17:01:57 +01:00
Václav Muzikář
fb49c21f90
Fix docs around --config-file option (#27129)
Closes #22540

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-19 15:13:09 +01:00
Takashi Norimatsu
849a920955 Rename Resident key to Discoverable Credential
closes #9508

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-19 14:12:15 +01:00
Alexander Schwartz
5f797e3e71
Update Keycloak HA Guide new resource limit settings (#27079)
Closes #27078

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-19 10:41:49 +01:00
Alexander Schwartz
7135b4ec4c
Add Amazon Aurora PostgreSQL to the list of tested databases (#27049)
Closes #27048

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-19 09:16:49 +01:00
Marek Posolda
d8ab12eab7
Release notes for Keycloak 24 with OIDC contributions (#27047)
closes #25729

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-16 08:34:20 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Martin Bartoš
59007844d9
Supported option to specify resource management for pods in Keycloak CR (#26661)
Closes #26456

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-15 13:38:41 +01:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Marek Posolda
16fca0118e
User profile - release notes and more migration instructions (#27003)
closes #26917
closes #26932

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:14:16 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations (#27020)
closes #26816

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:11:44 +01:00
Joshua Sorah
b81233a4af
[docs] Align OAuth 2.0 Security Best Current Practice links (#24706)
Closes keycloak/keycloak#24705

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2024-02-13 13:53:56 +01:00
Michal Hajas
83f3e91e4f
Use http-pool-max-threads in HA guides
Closes #26849

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-13 10:01:59 +00:00
Pedro Igor
750bc2c09c Reviewing references to user attribute management and UIs
Closes #26155

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 16:01:34 +01:00
mposolda
7af753e166 Documentation for AIA
closes #25569

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-12 09:42:34 +01:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
stianst
d2f74dd83d Fix anchors in securing apps guide in prod profile
Closes #26853

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-09 12:31:30 +01:00
Pedro Igor
b91ad23b20
Update theme documentation about the considerations when deploying custom themes (#26885)
Related #23907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-09 04:21:54 +01:00
Steven Hawkins
77581d2527
fix: change from operator. to kc.operator. keys (#26414)
closes #12352

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-08 15:03:20 +01:00
Michal Hajas
de598577b1 Fix confusing SAML NameId mapper format tooltip
Closes #26051
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-02-08 11:21:11 +01:00
Stian Thorgersen
cd1e483134
Remove section on adding custom attributes with account v1 and custom themes (#26858)
Closes #26856

Signed-off-by: stianst <stianst@gmail.com>
2024-02-08 07:28:32 +01:00
Alexander Schwartz
786023fd06
Update HA guide about non-blocking probes (#26783)
Closes #26781

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 16:16:50 +01:00
Michael Schnitzler
fdfe41bdda fix documentation for resetting OTP in "reset credentials" flow (#26834)
The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled.

Fixex #26834

Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com>
2024-02-07 11:57:58 -03:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector (#26630)
This change adds event for brute force protector when user account is
temporarily disabled.

It also lowers the priority of free-text log for failed login attempts.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
zak905
bcd423b270 rephrase sentence in changes-22_0_0.adoc for more clarity
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
zak905
c7db7bd528 Update custom rest endpoint documentation and example
Add a mention about beans.xml and @Provider in the extending server documentation

Add beans.xml in the rest provider example

Add a mention about @Provider in the upgrading guides

Closes #25882

Signed-off-by: zak905 <zakaria.amine88@gmail.com>

Address suggested change for docs/documentation/server_development/topics/extensions.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

Address suggested change for docs/documentation/server_development/topics/extensions.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>

Address suggested change for docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
mposolda
ab7426b857 User profile migration documentation for default validations and strange attributes
closes #26634
closes #25979

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-06 16:48:03 -03:00
Alexander Schwartz
486b199548 Make label for Keycloak container images configurable
Closes #26819

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-06 16:16:00 +01:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies (#26558)
Closes #26557

Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Hynek Mlnarik
c866e8e6f9 Introduce index.ftl into base account theme
Fixes: #26487

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-02-06 14:29:07 +01:00
Alexander Schwartz
43c200a8ce Update migration guide
Closes #26490

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-05 14:41:44 +01:00
Kamesh Akella
4459ed66ad update cpu sizing based on the hashing changes
Closes #26490

Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
2024-02-05 14:41:44 +01:00
Michal Hajas
80de12d59a Update HA guides to use the new ISPN config options
Closes #26776

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-05 11:40:08 +01:00
Pascal Paulis
2785bbd29b
added comment about MySQL Server parameter sql_generate_invisible_primary_key
Closes #23268

Signed-off-by: Pascal Paulis <ppaulis@gmail.com>
2024-02-05 10:36:31 +01:00
Pedro Igor
4338f44955 Reviewing the user profile documentation
Closes #26154

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-02 17:14:51 +01:00
christian-2
e14b523a8d
Fixes typo in Server Administration guide (#26543)
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-02-01 19:36:32 +01:00
mposolda
56a605fae7 Documentation for SuppressRefreshTokenRotationExecutor
closes #26587

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-01 17:18:50 +01:00
Martin Bartoš
14d97ca9ea Update Maven dependency versions for docs
Update Maven Wrapper version

Closes #26689

Fixes #26686

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-01 13:42:25 +01:00
Pedro Igor
3a7ce54266 Allow formating numbers when rendering attributes
Closes keycloak#26320

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-01 08:14:58 -03:00
Martin Kanis
a3fcacdab7 Map Store Removal: deprecate model legacy module
Closes #26598

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Steven Hawkins
66e45a335e
doc: noting the formats apply to spi options as well (#26648)
closes: #26468

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 16:09:47 +00:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support (#26510)
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Alexander Schwartz
c1ae9a0817
Prevent blank after backslash which breaks shell execution (#26632)
Closes #26631

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 13:17:31 +01:00
Stian Thorgersen
bc3c27909e
Cookie Provider (#26499)
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Thomas Darimont
e7363905fa Change password hashing defaults according to OWASP recommendations (#16629)
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters (#26261)
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters

Closes #26255

Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273)
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Jon Koops
5bf2d4b6ec
Enable PKCE by default for Keycloak JS (#26412)
Closes #26411

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-23 14:04:13 +01:00
Thomas Darimont
cc7d6a9b79
Improve wording for Concepts for configuring thread pools in docs
Closes #26402

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-23 12:56:55 +00:00
Alexander Schwartz
e6cd9a2987
Remove product specific content about Linux only (#26222)
Closes #26220

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-22 10:38:07 +01:00
Pedro Ruivo
70b4c6bf52
Encrypt network communication in JGroups
Closes #25702 

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-18 17:24:27 +00:00
rmartinc
2f0a0b6ad8 Remove deprecated mode for saml encryption
Closes #26291

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa Add upgrading docs for changes to send-verify-email API
Closes #26146.

Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-18 09:48:01 +01:00
Ryan Emerson
ba76682590
Use the http-max-queued-requests option for load shedding in HA docs
Resolves #26223

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-01-17 15:44:08 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160)
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Luca Orlandi
d70dd9db67
Update placeholders for hostname and port (#24153)
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-11 12:05:05 +01:00
Kévin Martins
16dddfa49c
Complete the documentation for the use case of a resource from an email template. (#25705)
Signed-off-by: Kevin MARTINS <k.martins@ubitransport.com>
2024-01-10 18:08:04 -03:00
Alexander Schwartz
0f48027ffb Reduce internal unsupported options in the Keycloak HA documentation
Closes #26068

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 17:38:15 +01:00
AndyMunro
b875acbc20 Change RHDG to Infinispan
Closes #26083

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-10 17:18:50 +01:00
rmartinc
179ca3fa3a Sanitize logs in JBossLoggingEventListenerProvider
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Alexander Schwartz
4be4212dca
Remove conditionals about Linux vs. Windows (#26031)
Closes #26028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 16:03:38 +01:00
Steven Hawkins
41dd1d2161
doc: adding notes about header priority (#25959)
closes: keycloak#23023

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-10 09:21:49 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709)
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
andymunro
70e15bdaa4
Clarify note about containers
Closes #26006

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-09 15:20:18 +01:00
shigeyuki kabano
8b65e6727b Creating documentation for Lightweight access token(#25743)
Closes keycloak#23725

Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:48:20 +01:00
Pedro Igor
7fad0e805e
Improve brute force documentation around how the effective wait time is calculated
Closes #25915

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-01-09 07:50:17 +00:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo (#26012)
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-01-09 08:02:02 +01:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alexander Schwartz
badf3f461d Making metrics with labels for embedded Infinispan the default
Closes #25935

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme (#25895)
Closes #25894

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Steven Hawkins
7bde7c30cc
fix: do not split on space for option errors (#25876)
closes #25783

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-05 13:01:17 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Ryan Emerson
60f80ce0c8
Update Route53 HA guide to be compatible with ROSA and OpenShift 4.14.x (#25900)
Closes #25733

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-04 17:45:32 +00:00
Pedro Ruivo
2c70b45205
High Availability Docs: use unbounded token for cross-site connection
Expirable tokens are more secure but it requires manual intervention to
create and share them when they expire.

I have updated the documentation to use non-expirable tokens.

Closes #25909

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-04 17:12:17 +00:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811)
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Takashi Norimatsu
751cadc514 Documentation about Australia Consumer Data Right security profile
closes #25236

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-19 21:06:03 +01:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
bee7595275
fix: adding the kube ca cert to the truststores
closes #10794

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2023-12-18 15:56:43 +01:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build (#25434)
fix: adding filtering to ignore anything runtime during a build

closes: #25166

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-12-18 12:50:47 +00:00
Marek Posolda
be935c2763
Incorrect version of the fix in release notes (#25661)
closes #25660

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:56:58 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
AndyMunro
2853136bbb Remove topic on user attributes in Account Console
Closes #22555

Signed-off-by: AndyMunro <amunro@redhat.com>
2023-12-15 12:07:35 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215)
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178)
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Ryan Emerson
fc2120c881
Add docs for automating Infinispan CLI commands
Add docs for automating Infinispan CLI commands, Move Batch CR to its own concept

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-11 17:48:28 +01:00
Steven Hawkins
4db4982e9d
enhance: adding a start optimized flag (#25216)
closes: #25015



Update docs/guides/operator/customizing-keycloak.adoc
Update docs/documentation/release_notes/topics/24_0_0.adoc
Update operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/KeycloakSpec.java

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-12-11 16:15:16 +00:00
Steven Hawkins
ba3451ff2e
doc: adding a note about removing the (#25436)
closes: #25307

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-08 17:47:33 +01:00
Steven Hawkins
a04613e7ea
doc: adding a note about config expressions
Closes: #19831

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-12-06 19:29:47 +00:00
Alexander Schwartz
a08f112f79
Add links to guides and GitHub discussions (#25271)
This should increase the likelihood for feedback

Closes #25270

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 08:57:52 +01:00
Michal Hajas
d387f13525
Add tests for lb-check endpoint
Added documentation why the check retries and updated outdated docs

Closes #25113

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-04 08:53:37 +01:00
Michal Hajas
cafc238ff2
Add documentation for lb-check
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 12:47:06 +00:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473)
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Alexander Schwartz
dd5b9b1c36
Fix cross-links in guides and remove unprocessed content in include (#25126)
Closes #25090

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 08:17:23 +01:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Takashi Norimatsu
29aec9c5b5 Documentation Inconsistency about Open Banking(Finance) Brasil FAPI security profile
closes #25108

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-29 07:39:51 -03:00
Stian Thorgersen
ccf9a50d4d
Add a doc with relevant links around CNCF (#24227)
* Add a doc with relevant links around CNCF

* Update docs/cnfc.md

* Update docs/cnfc.md

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-11-29 05:51:56 +01:00
Steven Hawkins
dacee3a36b
doc: adding a note that quoting all of the arguments no longer works (#25083)
closes #25018

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-28 14:31:47 +01:00
Jon Koops
48fc29a5c6
Use exports field for Keycloak JS (#24974)
Closes #24923

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-24 10:50:02 +01:00
Alexander Schwartz
68b33be655 Adress keycloak high-availability guide follow-up items
Closes #24975

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-23 17:12:46 +01:00
Stian Thorgersen
f41383a851
Release notes editorial for 23 (#24972)
Signed-off-by: stianst <stianst@gmail.com>
2023-11-23 13:34:45 +01:00
Alexander Schwartz
834ef79509
Adding a Keycloak High Availability section to Keycloak's docs
The content was moved over from the Keycloak Benchmark subproject.

Closes #24844

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Kamesh Akella <kakella@redhat.com>
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Anna Manukyan <amanukya@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: AndyMunro <amunro@redhat.com>
2023-11-23 12:27:47 +00:00
Martin Ledvinka
da260b386c Fix incorrect preview feature reference (keycloak#24966).
Closes #24966.

Signed-off-by: Martin Ledvinka <martin.ledvinka@fel.cvut.cz>
2023-11-23 12:48:00 +01:00
Jon Koops
e13d3264a2
Stop copying resources from Account v2 theme into 'common' (#24929)
Closes #24928

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-22 17:03:52 +01:00
mposolda
87c45437a5 Release notes for max auth age password policy
Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-22 07:35:09 +01:00
Marek Posolda
765e4838e9
Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation. (#24877)
* Update EAP documentation for OIDC and SAML (#24734)

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

(cherry picked from commit d7f2ad747d90dd0475a016fcfd528fea4ebed043)

Signed-off-by: Stian Thorgersen <stianst@gmail.com>

* Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation.
Closes #24713

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-21 14:22:00 +00:00
Václav Muzikář
15a83985b1 Implement load shedding
Closes #23340

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2023-11-21 13:43:09 +01:00
Steven Hawkins
4968c35536
fix: correcting the realmrepresentation link (#24869)
closes #22194

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-21 09:09:00 +01:00
Tomas Ondrusko
8ac6120274
Social Identity Providers documentation adjustments (#24840)
Closes #24601

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-11-20 22:26:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943)
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
Erik Jan de Wit
44a95c72f1
added namespace migration documentation (#24497)
fixes: #23061

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-11-20 14:11:38 +01:00
andymunro
7d62f6308d
Create an attribute for Getting Started (#24825)
* Create an attribute for Getting Started

Closes #24824

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-20 13:16:35 +01:00
Alexander Schwartz
2bb31b1bfc Fix DocsBuildDebugUtil signatures, and ensure it can be called from an IDE
Closes #24817

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-20 09:14:57 -03:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Tomas Ondrusko
fe48afc1dc Update Social Identity Providers documentation (#24601)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-11-16 17:58:53 +01:00
andymunro
d4cee15c3a
Correct Securing Apps Guide (#24730)
* Correcting Securing Apps guide

Closes #24729

Signed-off-by: AndyMunro <amunro@redhat.com>

* Update docs/documentation/securing_apps/topics/saml/java/general-config/sp_role_mappings_provider_element.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: AndyMunro <amunro@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-14 11:04:55 +01:00
AndyMunro
20f5edc708 Addressing Server Admin review comments
Closes #24643

Signed-off-by: AndyMunro <amunro@redhat.com>
2023-11-13 15:48:02 +01:00
Alexander Schwartz
1b12fe132b Update documentation for removal of the map store
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

Closes #24092
2023-11-13 15:38:05 +01:00
vramik
71b6757c2f Remove quarkus options related to map store
Signed-off-by: vramik <vramik@redhat.com>

Closes #24098
2023-11-13 12:34:52 +01:00
Alexander Schwartz
8acb6c1845 Fix broken link to node.js and internal anchor
Closes #24699

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-13 12:20:54 +01:00
andymunro
bf17fcc0be
Fix broken links (#24476) 2023-11-13 09:17:34 +01:00
Hynek Mlnarik
f557b2c88c Transient sessions: Documentation
Closes: #24278
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2023-11-10 11:22:04 +01:00
Stian Thorgersen
565bc7d664
Add attributes.adoc for guides to share common attributes (#24519) 2023-11-08 15:09:04 +01:00
mposolda
4ec85707f4 Upgrading notes for user profile
closes #24491

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-06 02:19:26 -08:00
AndyMunro
a4b5d66aa0 Minor fixes for FIPS and Operator Guide
Closes #24513
2023-11-03 11:00:55 +01:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON'
Closes #17258
2023-11-02 20:29:35 +01:00