Commit graph

554 commits

Author SHA1 Message Date
andymunro
66cffca3d4
Simplify Upgrade Guide structure
Closes #27632

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-11 16:22:46 +01:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module (#27601)
Closes #26657

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Martin Bartoš
c5553b46b4
Update Welcome page image in docs
Closes #27719

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-08 15:00:36 +01:00
rmartinc
dea15e25da Only add the nonce claim to the ID Token (mapper for backwards compatibility)
Closes #26893

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Alexander Schwartz
fa12b14a32 Update docs about when emails for changed credentials are sent
Closes #27620

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-07 07:16:16 +01:00
Alexander Schwartz
2199d37879
Add multi-site active-passive support to the release notes (#27575)
Closes #27573

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:59:22 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs (#27418)
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:32:06 +01:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Alexander Schwartz
aec6020750 URL change as liquibase.org now redirects
Closes #27540

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-05 13:24:12 +01:00
Stian Thorgersen
d48ef8b507
Added release notes for 24.0.1 (#27524)
Signed-off-by: stianst <stianst@gmail.com>
2024-03-05 08:46:10 +01:00
Stian Thorgersen
d875a8f2b7
Delete broken images from release notes (#27492)
Signed-off-by: stianst <stianst@gmail.com>
2024-03-04 12:47:03 +01:00
Lucy Linder
84d48a9877 Update documentation for reCAPTCHA support
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
Marek Posolda
f1e7c572da
Release notes 24: default password hashing updates (#27475)
Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-04 09:55:03 +01:00
AndyMunro
14a12d106a Edit Keycloak 23.x release notes
Closes #27440

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:20:58 +01:00
AndyMunro
405feb0bc2 Edit Keycloak 24 changes chapter
Closes 27452

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:11:35 +01:00
Steven Hawkins
c2596849f9
doc: adding a note about not conflicting with built-in stuff (#27214)
closes: #24459

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-01 14:34:16 +01:00
Václav Muzikář
3e3cb2222d
Deprecate GELF (#27367)
Closes #27364

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-29 12:07:28 +01:00
Takashi Norimatsu
3db04d8d8d Replace Security Key with Passkey in WebAuthn UIs and their documents
closes #27147

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Marek Posolda
8dd0eb451d
Additional release notes for Keycloak 24 (#27339)
closes #27142

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-29 08:43:22 +01:00
Alexander Schwartz
3950b4ed46 Cleaning old product documentation from the upstream documentation
Closes #27324

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 13:30:39 +01:00
AndyMunro
941e7cc3a5 notes about access and refresh tokens
Closes #26919

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 12:12:48 +01:00
AndyMunro
ca0526f54d Edit Keycloak 24 release notes
Closes #27326

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 10:43:17 +01:00
Alexander Schwartz
6de61f61f0 Adding missing explicit IDs for cross-references
Closes #27316

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 08:37:52 +01:00
Gilvan Filho
83af01c4c0 Add failedLoginNotBefore to AttackDetectionResource
Closes #17574

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-02-26 09:35:51 +01:00
Pedro Igor
b98e115183 Updating docs and account message
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-22 22:58:22 +09:00
Pedro Igor
604274fb76 Allow setting an attribute as multivalued
Closes #23539

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890 Supporting OAuth 2.1 for public clients
closes #25316

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39 Permanently lock users out after X temporary lockouts during a brute force attack
Closes #26172

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35 Supporting OAuth 2.1 for confidential clients
closes #25314

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 (#26318)
Closes #26122

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-02-21 13:42:33 -05:00
Alexander Schwartz
3b6886d970
Add warning about too long attribute values as it can exhaust caches (#27126)
Closes #27125

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:47:58 +01:00
Václav Muzikář
33425dacd9
Add proxy-headers option to the Keycloak CR (#27092)
Closes #25179

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 12:19:37 +01:00
Václav Muzikář
de60c9b469
Tweak the default memory request and limit in the Operator (#27170)
Closes #27169

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 10:03:17 +01:00
Takashi Norimatsu
1bdbaa2ca5 Client policies: executor for validate and match a redirect URI
closes #25637

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd Change Open ID Connect to OpenID Connect in UI and docs
Closes #27093

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2024-02-19 17:01:57 +01:00
Takashi Norimatsu
849a920955 Rename Resident key to Discoverable Credential
closes #9508

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-19 14:12:15 +01:00
Marek Posolda
d8ab12eab7
Release notes for Keycloak 24 with OIDC contributions (#27047)
closes #25729

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-16 08:34:20 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
Closes #9758

Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Martin Bartoš
59007844d9
Supported option to specify resource management for pods in Keycloak CR (#26661)
Closes #26456

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-15 13:38:41 +01:00
rmartinc
4ff4c3f897 Increase internal algorithm security using HS512 and 128 byte hmac keys
Closes #13080

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Marek Posolda
16fca0118e
User profile - release notes and more migration instructions (#27003)
closes #26917
closes #26932

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:14:16 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations (#27020)
closes #26816

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:11:44 +01:00
Joshua Sorah
b81233a4af
[docs] Align OAuth 2.0 Security Best Current Practice links (#24706)
Closes keycloak/keycloak#24705

Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2024-02-13 13:53:56 +01:00
Pedro Igor
750bc2c09c Reviewing references to user attribute management and UIs
Closes #26155

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 16:01:34 +01:00
mposolda
7af753e166 Documentation for AIA
closes #25569

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-12 09:42:34 +01:00
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
stianst
d2f74dd83d Fix anchors in securing apps guide in prod profile
Closes #26853

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-09 12:31:30 +01:00
Pedro Igor
b91ad23b20
Update theme documentation about the considerations when deploying custom themes (#26885)
Related #23907

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-09 04:21:54 +01:00
Steven Hawkins
77581d2527
fix: change from operator. to kc.operator. keys (#26414)
closes #12352

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-08 15:03:20 +01:00
Michal Hajas
de598577b1 Fix confusing SAML NameId mapper format tooltip
Closes #26051
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-02-08 11:21:11 +01:00
Stian Thorgersen
cd1e483134
Remove section on adding custom attributes with account v1 and custom themes (#26858)
Closes #26856

Signed-off-by: stianst <stianst@gmail.com>
2024-02-08 07:28:32 +01:00
Michael Schnitzler
fdfe41bdda fix documentation for resetting OTP in "reset credentials" flow (#26834)
The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled.

Fixex #26834

Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com>
2024-02-07 11:57:58 -03:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector (#26630)
This change adds event for brute force protector when user account is
temporarily disabled.

It also lowers the priority of free-text log for failed login attempts.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
zak905
bcd423b270 rephrase sentence in changes-22_0_0.adoc for more clarity
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
zak905
c7db7bd528 Update custom rest endpoint documentation and example
Add a mention about beans.xml and @Provider in the extending server documentation

Add beans.xml in the rest provider example

Add a mention about @Provider in the upgrading guides

Closes #25882

Signed-off-by: zak905 <zakaria.amine88@gmail.com>

Address suggested change for docs/documentation/server_development/topics/extensions.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

Address suggested change for docs/documentation/server_development/topics/extensions.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>

Address suggested change for docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
mposolda
ab7426b857 User profile migration documentation for default validations and strange attributes
closes #26634
closes #25979

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-06 16:48:03 -03:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies (#26558)
Closes #26557

Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Hynek Mlnarik
c866e8e6f9 Introduce index.ftl into base account theme
Fixes: #26487

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-02-06 14:29:07 +01:00
Alexander Schwartz
43c200a8ce Update migration guide
Closes #26490

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-05 14:41:44 +01:00
Pedro Igor
4338f44955 Reviewing the user profile documentation
Closes #26154

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-02 17:14:51 +01:00
christian-2
e14b523a8d
Fixes typo in Server Administration guide (#26543)
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-02-01 19:36:32 +01:00
mposolda
56a605fae7 Documentation for SuppressRefreshTokenRotationExecutor
closes #26587

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-01 17:18:50 +01:00
Martin Bartoš
14d97ca9ea Update Maven dependency versions for docs
Update Maven Wrapper version

Closes #26689

Fixes #26686

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-01 13:42:25 +01:00
Pedro Igor
3a7ce54266 Allow formating numbers when rendering attributes
Closes keycloak#26320

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-01 08:14:58 -03:00
Martin Kanis
a3fcacdab7 Map Store Removal: deprecate model legacy module
Closes #26598

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support (#26510)
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Stian Thorgersen
bc3c27909e
Cookie Provider (#26499)
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1 Map Store Removal: Rename legacy modules
Closes #24107

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Thomas Darimont
e7363905fa Change password hashing defaults according to OWASP recommendations (#16629)
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2):

- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
  to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly

Fixes #16629

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters (#26261)
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters

Closes #26255

Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes (#26273)
Closes #24105

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Jon Koops
5bf2d4b6ec
Enable PKCE by default for Keycloak JS (#26412)
Closes #26411

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-23 14:04:13 +01:00
rmartinc
2f0a0b6ad8 Remove deprecated mode for saml encryption
Closes #26291

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa Add upgrading docs for changes to send-verify-email API
Closes #26146.

Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-18 09:48:01 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160)
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Luca Orlandi
d70dd9db67
Update placeholders for hostname and port (#24153)
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-11 12:05:05 +01:00
Kévin Martins
16dddfa49c
Complete the documentation for the use case of a resource from an email template. (#25705)
Signed-off-by: Kevin MARTINS <k.martins@ubitransport.com>
2024-01-10 18:08:04 -03:00
AndyMunro
b875acbc20 Change RHDG to Infinispan
Closes #26083

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-10 17:18:50 +01:00
rmartinc
179ca3fa3a Sanitize logs in JBossLoggingEventListenerProvider
Closes #25078

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Alexander Schwartz
4be4212dca
Remove conditionals about Linux vs. Windows (#26031)
Closes #26028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 16:03:38 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709)
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
shigeyuki kabano
8b65e6727b Creating documentation for Lightweight access token(#25743)
Closes keycloak#23725

Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:48:20 +01:00
Pedro Igor
7fad0e805e
Improve brute force documentation around how the effective wait time is calculated
Closes #25915

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-01-09 07:50:17 +00:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo (#26012)
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-01-09 08:02:02 +01:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alexander Schwartz
badf3f461d Making metrics with labels for embedded Infinispan the default
Closes #25935

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme (#25895)
Closes #25894

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Steven Hawkins
7bde7c30cc
fix: do not split on space for option errors (#25876)
closes #25783

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-05 13:01:17 +01:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811)
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Takashi Norimatsu
751cadc514 Documentation about Australia Consumer Data Right security profile
closes #25236

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-19 21:06:03 +01:00
Konstantinos Georgilakis
ba8c22eaf0 Scope parameter in Oauth 2.0 token exchange
Closes #21578

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
bee7595275
fix: adding the kube ca cert to the truststores
closes #10794

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2023-12-18 15:56:43 +01:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build (#25434)
fix: adding filtering to ignore anything runtime during a build

closes: #25166

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-12-18 12:50:47 +00:00
Marek Posolda
be935c2763
Incorrect version of the fix in release notes (#25661)
closes #25660

Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:56:58 +01:00
Takashi Norimatsu
59536becec Client policies : executor for enforcing DPoP
closes #25315

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
AndyMunro
2853136bbb Remove topic on user attributes in Account Console
Closes #22555

Signed-off-by: AndyMunro <amunro@redhat.com>
2023-12-15 12:07:35 +01:00
Erwin Rooijakkers
860978b15a Change arg of getSubGroups to briefRepresentation
Parameter name briefRepresentation should mean briefRepresentation,
   not full. This way callers will by default get the full
   representation, unless true is passed as value for
   briefRepresentation.

   Fixes #25096

Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215)
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178)
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Steven Hawkins
4db4982e9d
enhance: adding a start optimized flag (#25216)
closes: #25015



Update docs/guides/operator/customizing-keycloak.adoc
Update docs/documentation/release_notes/topics/24_0_0.adoc
Update operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/KeycloakSpec.java

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-12-11 16:15:16 +00:00
Steven Hawkins
ba3451ff2e
doc: adding a note about removing the (#25436)
closes: #25307

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-08 17:47:33 +01:00
Alexander Schwartz
a08f112f79
Add links to guides and GitHub discussions (#25271)
This should increase the likelihood for feedback

Closes #25270

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 08:57:52 +01:00
Michal Hajas
cafc238ff2
Add documentation for lb-check
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 12:47:06 +00:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473)
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d Remove lowercase for the hostname as recommended/advised by OAuth spec
Closes https://github.com/keycloak/keycloak/issues/25001

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Takashi Norimatsu
29aec9c5b5 Documentation Inconsistency about Open Banking(Finance) Brasil FAPI security profile
closes #25108

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-29 07:39:51 -03:00
Steven Hawkins
dacee3a36b
doc: adding a note that quoting all of the arguments no longer works (#25083)
closes #25018

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-28 14:31:47 +01:00
Jon Koops
48fc29a5c6
Use exports field for Keycloak JS (#24974)
Closes #24923

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-24 10:50:02 +01:00
Stian Thorgersen
f41383a851
Release notes editorial for 23 (#24972)
Signed-off-by: stianst <stianst@gmail.com>
2023-11-23 13:34:45 +01:00
Alexander Schwartz
834ef79509
Adding a Keycloak High Availability section to Keycloak's docs
The content was moved over from the Keycloak Benchmark subproject.

Closes #24844

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Kamesh Akella <kakella@redhat.com>
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Anna Manukyan <amanukya@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: AndyMunro <amunro@redhat.com>
2023-11-23 12:27:47 +00:00
Martin Ledvinka
da260b386c Fix incorrect preview feature reference (keycloak#24966).
Closes #24966.

Signed-off-by: Martin Ledvinka <martin.ledvinka@fel.cvut.cz>
2023-11-23 12:48:00 +01:00
Jon Koops
e13d3264a2
Stop copying resources from Account v2 theme into 'common' (#24929)
Closes #24928

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-22 17:03:52 +01:00
mposolda
87c45437a5 Release notes for max auth age password policy
Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-22 07:35:09 +01:00
Marek Posolda
765e4838e9
Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation. (#24877)
* Update EAP documentation for OIDC and SAML (#24734)

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

(cherry picked from commit d7f2ad747d90dd0475a016fcfd528fea4ebed043)

Signed-off-by: Stian Thorgersen <stianst@gmail.com>

* Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation.
Closes #24713

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-21 14:22:00 +00:00
Václav Muzikář
15a83985b1 Implement load shedding
Closes #23340

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2023-11-21 13:43:09 +01:00
Tomas Ondrusko
8ac6120274
Social Identity Providers documentation adjustments (#24840)
Closes #24601

Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-11-20 22:26:11 +01:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943)
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
Erik Jan de Wit
44a95c72f1
added namespace migration documentation (#24497)
fixes: #23061

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-11-20 14:11:38 +01:00
rmartinc
5fad76070a Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
Closes https://github.com/keycloak/keycloak/issues/24659

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Tomas Ondrusko
fe48afc1dc Update Social Identity Providers documentation (#24601)
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-11-16 17:58:53 +01:00
andymunro
d4cee15c3a
Correct Securing Apps Guide (#24730)
* Correcting Securing Apps guide

Closes #24729

Signed-off-by: AndyMunro <amunro@redhat.com>

* Update docs/documentation/securing_apps/topics/saml/java/general-config/sp_role_mappings_provider_element.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: AndyMunro <amunro@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-14 11:04:55 +01:00
AndyMunro
20f5edc708 Addressing Server Admin review comments
Closes #24643

Signed-off-by: AndyMunro <amunro@redhat.com>
2023-11-13 15:48:02 +01:00
Alexander Schwartz
1b12fe132b Update documentation for removal of the map store
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

Closes #24092
2023-11-13 15:38:05 +01:00
vramik
71b6757c2f Remove quarkus options related to map store
Signed-off-by: vramik <vramik@redhat.com>

Closes #24098
2023-11-13 12:34:52 +01:00
Alexander Schwartz
8acb6c1845 Fix broken link to node.js and internal anchor
Closes #24699

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-13 12:20:54 +01:00
andymunro
bf17fcc0be
Fix broken links (#24476) 2023-11-13 09:17:34 +01:00
Stian Thorgersen
565bc7d664
Add attributes.adoc for guides to share common attributes (#24519) 2023-11-08 15:09:04 +01:00
mposolda
4ec85707f4 Upgrading notes for user profile
closes #24491

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-06 02:19:26 -08:00
vramik
593c14cd26 Data too long for column 'DETAILS_JSON'
Closes #17258
2023-11-02 20:29:35 +01:00
AndyMunro
9ef9c944d0 Minor changes to documentation
Closes #24456
2023-11-01 22:14:11 +01:00
mposolda
70e820469a Updating release notes for Keycloak 23 with some 'core features' improvements
closes #23971

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-01 17:39:02 +01:00
rokkiter
e1735138cb
clean util * (#24174)
Signed-off-by: rokkiter <yongen.pan@daocloud.io>
2023-11-01 17:14:11 +01:00
Ivan Atanasov
7b0683879d Updated documentations to mention Resteasy reactive migration
Closes #23444
2023-10-31 20:59:12 +01:00
Justin Tay
3ff0476cc3 Allow customization of aud claim with JWT Authentication
Closes #21445
2023-10-31 11:33:47 -07:00
rmartinc
7deb4ca545 Group count and PartialExport permission fixes
Closes https://github.com/keycloak/keycloak/issues/12171
2023-10-31 01:40:21 -07:00
Jon Koops
5464205ab2
Cache Node.js installation and PNPM store
Closes #23695
2023-10-30 07:50:06 -04:00
Axel Bocciarelli
427f7230f3
Fix typo in available-endpoints.adoc (#24378) 2023-10-30 09:53:33 +00:00
rmartinc
ea398c21da Add a property to the User Profile Email Validator for max length of the local part
Closes https://github.com/keycloak/keycloak/issues/24273
2023-10-27 15:09:42 +02:00
Hynek Mlnařík
3f55cd72d7 Docs: Fix account name
Closes: #24341
2023-10-27 09:32:27 +02:00
Alice
69497382d8
Group scalability upgrades (#22700)
closes #22372 


Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2023-10-26 16:50:45 +02:00
Thomas Darimont
d56baa80b3
Add support for passing acr_values in auth requests in keycloak.js (#9383) (#24259)
Fixes #9383
2023-10-25 15:33:39 +02:00
Marek Posolda
1bd6aca629
Remove RegistrationProfile class and handle migration (#24215)
closes #24182


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-10-24 20:19:33 +02:00
Takashi Norimatsu
1c8cddf145 passkeys: documentation
closes #23660
2023-10-24 14:48:13 +02:00
Joshua Sorah
e889d0f12c
[docs] Update Docker Registry links to new locations. (#24193)
Closes keycloak/keycloak#24179
2023-10-23 08:27:36 +02:00
Alexander Schwartz
a3c29b8880
Tidy up documentation around Windows/Linux usage (#23859)
Closes #23856
2023-10-17 10:41:44 +02:00
Jon Koops
d32aac9dee
Remove unused GitHub workflow files from docs (#24011) 2023-10-16 13:15:43 +02:00
andymunro
6074cbf311
Limit Admin CLI windows support to upstream
Closes #23946

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-10-13 12:08:11 +02:00
Steven Hawkins
478ceb0b34
modification of kc.sh to remove param eval (#22585)
* test

* modification of kc.sh to remove eval of env/args

Closes #22337

---------

Co-authored-by: rmartinc <rmartinc@redhat.com>
2023-10-12 17:10:53 +02:00
Yoshikazu Nojima
058d00fea8 Rewrite mention to add-user-keycloak since it was already removed 2023-10-05 16:56:31 -03:00
andymunro
1332e53a97
Code certain features as upstream only (#23603)
Closes #23581
2023-10-03 14:50:23 -04:00
Martin Bartoš
c9d93019c2
Remove deprecated auto-build CLI option (#23361)
Closes #23360
2023-09-27 18:56:38 +02:00
Marek Posolda
69466777c0
Clarify transient sessions documentation (#23328)
Closes #23044


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-09-27 15:14:52 +02:00
Joshua Sorah
778abf8597 Add references to OAuth 2.0 Security Best Practices for Implicit and
ROPC flow, reformat Device Auth section.

Apply suggestions from code review

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

Closes keycloak/keycloak#23480
2023-09-27 11:43:57 +02:00
Steven Hawkins
7d1e9a783f
adds a default domain on openshift if one is not specified (#23324)
Closes #21741
2023-09-21 14:43:29 +02:00
Alexander Schwartz
5070f41007
Ignoring link for stackapps registration (#23347)
It now requires authentication.

Closes #23345
2023-09-21 12:44:45 +02:00
Alexander Schwartz
227b841c4a
Show images in the documentation in the IDE's preview (#23055)
Closes #23054
2023-09-19 11:28:48 +02:00
Alexander Schwartz
41fd12d20a
Prevent exception in the log (#22201)
Also speed up the external link check by avoiding checking each bug submission link in the rendered docs which only differs by its parameter.

Closes #22200
2023-09-19 11:04:01 +02:00
MorgeMoensch
95ecf446ca
Link to AdminGuide from REST-API Doc instead of just referencing it by text (#23286) 2023-09-15 14:43:29 +02:00
Martin Bartoš
3a3df50f74
Improve documentation about manual database migration (#23247)
Closes #23246
2023-09-15 10:41:33 +02:00
ImFlog
f4ec14c3fe doc(js-providers): Add OIDC object mapper documentation 2023-09-14 11:42:06 -03:00
Andreas Blaettlinger
86c0e338d9 Toggle visibility of password input fields in login-ftl-based pages
Closes #22067
2023-09-14 08:04:35 -03:00
Stian Thorgersen
1194c2507d
Add 22.0.3 to release notes (#23238)
Closes #23235
2023-09-14 11:06:06 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184)
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2023-09-14 10:35:47 +02:00
mposolda
b10da3d3b5 Move email validation change docs to migration guide of 22.0.4
closes #23177
2023-09-13 08:39:30 +02:00
Marek Posolda
56b94148a0
Remove bearer-only occurences in the documentation when possible. Mak… (#23148)
closes #23066


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-09-12 09:38:19 +02:00
mposolda
36dd9cb937 Move email validation change docs to migration guide of 22.0.3
closes #23124
2023-09-11 21:03:34 +02:00
Jon Koops
82bf84eb6b Fix broken redirect in con-advanced-settings.adoc
Closes #23134
2023-09-11 11:46:54 +02:00
kaustubh-rh
62927433dc
Fix for Keycloak 22.0.1 unable to create user with long email address (#23109)
Closes #22825
2023-09-11 08:56:13 +02:00
rmartinc
7da52a43bd Add old LinkedIn provider to the deprecated profile
Closes https://github.com/keycloak/keycloak/issues/23067
2023-09-08 10:05:17 +02:00
Christoph Schulz
51d19c505b
Add indent mentioned beforehand in Preface (#23036) 2023-09-07 08:14:23 +02:00
Martin Bartoš
6ca78b7554 Return Oracle JDBC driver to the upstream
Closes #22999
2023-09-06 19:11:29 +02:00
rmartinc
8887be7887 Add a new identity provider for LinkedIn based on OIDC
Closes https://github.com/keycloak/keycloak/issues/22383
2023-09-06 16:13:31 +02:00
Pedro Igor
13e5a02b9f Role mappers must return a single value when they are not multivalued
Closes #20218
2023-08-31 19:16:12 +02:00
andymunro
228da84385
Blank Java section in Securing Apps
Closes #22800
2023-08-30 13:48:12 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
closes #20045
2023-08-30 13:24:48 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531)
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution (#22577)
* Remove Oracle Database JDBC driver from the Keycloak distribution

Closes #22452

* Remove profile for proprietary Oracle JDBC driver

---------

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
Marek Posolda
4900165691 Update docs/documentation/server_admin/topics/clients/oidc/con-advanced-settings.adoc
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-08-08 09:47:28 +02:00
mposolda
710f28ce9e DPoP release notes and documentation polishing
closes #21922
2023-08-08 09:47:28 +02:00
Takashi Norimatsu
e46de8afeb DPoP documentation
closes #21917
2023-08-04 09:24:21 +02:00
Marek Posolda
d954dfec5e
Release notes and documentation for FAPI 2 (#22228)
Closes #21945


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-08-04 08:21:27 +02:00
Peter Zaoral
c5d9e222db Update OCP4 Social IdP example setup in the latest docs
* improved openshift.adoc

Closes #22159

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-08-03 18:57:08 +02:00
rmartinc
05bac4ff0e Remove option Nerver Expires for tokens in Advanced OIDC client configuration
Closes https://github.com/keycloak/keycloak/issues/21927
2023-08-03 12:16:08 +02:00
Alexander Schwartz
5c6df3d26e
Ignore new NodeJS redirect (#22187)
Closes #22186
2023-08-03 11:01:33 +02:00
Alexander Schwartz
748c53df7f
Use Java mechanisms to read language files and default to UTF-8 (#21755)
Closes #21753
2023-08-01 11:27:10 +02:00
aghArdeshir
e64269de70
Remove duplicated description of Scope in JavaScriptAdapter docs (#22084)
The first one had more information than the second one, so I removed the second one altogether
2023-07-31 08:23:41 +00:00
Alexander Schwartz
08dfdffbfb
Fixed updated links for freeipa (#22040)
Closes #22039
2023-07-28 07:31:03 +02:00
Vlasta Ramik
29b67fc8df
Inconsistent Wildcard handling for JPA (#21671)
* Inconsistent Wildcard handling for JPA

Closes #20610

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-07-27 17:03:22 +02:00
Takashi Norimatsu
2efd79f982 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
Closes #20584
2023-07-24 09:11:30 +02:00
David Bister
9420670f14 Update regex password policy to state the specific type of regex to be used.
Closes #21652
2023-07-14 16:32:37 +02:00
Stian Thorgersen
304897b226
Fix links to quickstarts (#21639)
Closes #21637
2023-07-12 14:03:49 +02:00
stianst
a2100d18d4 Enable 22 migration docs
Closes #21629
2023-07-12 13:27:40 +02:00
Pedro Igor
702495fe22
Remove adapters from product documentation (#21177)
Closes #21176
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2023-07-11 13:32:52 +02:00
Stian Thorgersen
1e7fbd1312
Fix links in docs (#21585) 2023-07-11 11:04:46 +00:00
Stian Thorgersen
3d33878c33
Update release notes for 22 (#21583)
* Updates to release notes

* Fix
2023-07-11 11:02:45 +02:00
Alexander Schwartz
8bdfb8e1b6 Updating performance information on export/import
Closes: #20703
2023-07-07 09:43:59 -03:00
Justin Stephenson
4ece83dd3d
Update freeipa container image to quay.io (#19729) 2023-07-06 14:04:05 +02:00
Ronald Petty
9e68f80377
Update keys.adoc as Field is in prior section (#21012) 2023-07-06 12:50:10 +02:00
Thomas Darimont
637fa741b0
Align naming of OTP policy window setting with actual semantics (#20469) (#21316)
Closes #20469
2023-07-04 12:41:21 +02:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
Kibubu
51b3906f9d Fix docs to create IAT
The docs mention an outdated path to create initial access tokens.

Fixed by guiding users to the right page
2023-07-03 20:47:41 -03:00
mposolda
0ea2891eee Remove support for OpenJDK 11 on the server side
closes #15014
2023-07-03 13:12:22 -03:00
Martin Bartoš
ee205c8fbc
Enable IPv6 dualstack support by default (#21340)
Closes #15003
2023-07-03 13:35:33 +00:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188)
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-06-29 18:44:15 +02:00
Joshua Sorah
e945a056bb [docs] Update saml.xml.org link from http to https
closes keycloak/keycloak#21317
2023-06-29 18:24:14 +02:00
Joshua Sorah
8323e91f56 [docs] Update Native App redirect URI recommendtation from localhost to
127.0.0.1

Closes keycloak/keycloak#21300
2023-06-29 11:05:33 +02:00
Steven Hawkins
88992dae19
widens status to be any type. (#21281)
this is to avoid olm complaining about an incompatible schema during
upgrade

Relates to #13074
2023-06-29 08:57:22 +02:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22)
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00
Steven Hawkins
e9c9f80e8d
adds an instance label to support multiple instances (#20906)
Closes #10562 #14220
2023-06-28 18:05:23 +02:00
Hynek Mlnarik
b8149d66ca Remove ldapsOnly (console and docs)
Closes: #9313
2023-06-28 08:30:09 +02:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java)
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
2023-06-28 08:30:09 +02:00
Douglas Palmer
59e1a5d992 Custom theme - url.resourcesCommonPath references wrong theme
closes #20085
2023-06-28 08:25:44 +02:00
Stian Thorgersen
4fcb154d36
Add removal of account console v1 to release notes (#21212)
* Add removal of account console v1 to release notes

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

---------

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-28 07:52:10 +02:00
Joshua Sorah
c28eba6382 Fix failing External Link Checks
Update URLs that are just redirects to another page.
Point to RFC 7517 for JWK draft docs that were hosted on personal site

Closes keycloak/keycloak#21263
2023-06-27 20:58:17 +02:00
zyairzy
bdb4dd8070
Support passing in locale option to init() (#11760)
Closes #11759
2023-06-27 07:19:13 +00:00
Steve Hawkins
6a92669139 finishes the conversion away from createOrReplace
however this is a broader change given the implications of
serverSideApply vs createOrReplace - mostly the concern of only applying
the managed state not based upon an existing resource

Closes #20850
2023-06-23 11:55:47 -03:00
Steven Hawkins
fc0be1a65b Update docs/documentation/release_notes/topics/22_0_0.adoc
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
2023-06-21 17:14:33 -03:00
Steve Hawkins
5701f70157 changes condition status to be a string, rather than a boolean
Closes #13074
2023-06-21 17:14:33 -03:00
Gilvan Filho
2493f11331 count users by custom user attribute
closes #14747
2023-06-21 11:56:22 -03:00
Stan Silvert
513c00bcd9
Remove unused feature flags. (#21039)
* Remove unused feature flags.
Fixes #20944
Fixes #20943

* Update release notes.

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

---------

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-20 15:02:22 -04:00
Marek Posolda
a6ad701b5e
Update securing_applications guide for latest adapter changes (community) (#20995)
closes #20994


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-20 09:21:47 +02:00
rmartinc
20121ee9da Update docs and tooltips for lifespan and idle timeout changes
Closes https://github.com/keycloak/keycloak/issues/20791
2023-06-20 09:01:32 +02:00
Daniele Martinoli
d9b271c22a
Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189)
Closes #20007
2023-06-19 15:22:35 +02:00
Jon Koops
651a7f29fc
Promote Account Console v3 to preview (#20969) 2023-06-15 12:24:01 -04:00
vramik
535bba5792 Update UserQueryProvider methods
Closes #20438
2023-06-12 16:04:26 +02:00
Vlasta Ramik
ed473da22b
Clean-up of deprecated methods and interfaces
Fixes #20877

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-09 17:11:20 +00:00
Réda Housni Alaoui
eb9bb281ec Require user to agree to 'terms and conditions' during registration 2023-06-08 10:39:00 -03:00
Marek Posolda
8080085cc1
Removing 'http challenge' authentication flow and related authenticators (#20731)
closes #20497


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-08 14:52:34 +02:00
Peter Zaoral
f4cc6d7b76 Update the docs
* updated the release notes
* updated the FIPS guide

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-06-07 09:23:12 -03:00
Václav Muzikář
0c2ac4f776
Remove mentions of temporary support for Java EE Admin Client (#20807) 2023-06-06 15:39:56 -03:00
Matthew Helmke
6ce9676d68 Update docs/documentation/internal_resources/contributing.adoc
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-02 07:58:59 -03:00
Matthew Helmke
4761ac1587 Update contributing.adoc
Just fixed a link that went stale when the docs moved from their own repo into the main one.

Oh, and hello!! :D
2023-06-02 07:58:59 -03:00
Martin Kanis
43a2eb40f1 Documentation for User Storage Spi is incorrect
Closes #19763
2023-06-01 10:05:57 +02:00
Pedro Igor
53dfb44a8f
Migration guide for JAX-RS changes (#20659)
Closes #keycloak/keycloak#15454
2023-05-31 13:50:34 +00:00
Takashi Norimatsu
a29c30ccd5 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request
closes #20623
2023-05-31 14:02:44 +02:00
vramik
a175efcb72 Split UserQueryProvider into UserQueryMethods and UserCountMethods and make LdapStorageProvider implement only UserQueryMethods
Co-authored-by: mhajas <mhajas@redhat.com>

Closed #20156
2023-05-31 11:47:54 +02:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Stefan Guilhen
27e79fb025 Fix LDAP user synchronization documentation
Closes #16833
2023-05-30 13:36:34 +02:00
Pedro Igor
b41904bf04 Update release notes on adapter deprecation 2023-05-29 09:47:33 -03:00
Yoshiyuki Tabata
bd37875a66 allow specifying format of "permission" parameter in the UMA grant token
endpoint (#15947)
2023-05-29 08:56:39 -03:00
Peter Zaoral
72b238fb48
Keystore vault (#19644)
* KeystoreVault SPI

* added KeystoreVault - a Vault SPI implementation (#19281)

Closes #17252

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-05-24 16:20:30 +00:00
Andre Nascimento
c8d418d50b Update of the Server Development doc about how 'User Storage Providers' must adhere to Quarkus.
Closes #19156
2023-05-24 08:41:17 -03:00
mposolda
2672c47bc8 Docs note about manually delete themes cache
closes #19675
2023-05-23 08:53:27 +02:00
Marek Posolda
d7d6b83bd6
Fix the documentation about default themes (#20488)
closes #17130


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-05-22 19:09:01 +02:00
vramik
fd6a6ec3ad Make LDAP searchForUsersStream consistent with other storages
Co-authored-by: mhajas <mhajas@redhat.com>

Closes #17294
2023-05-19 08:40:41 +02:00
Marek Posolda
908ba027b6
More docs clarification for script authenticator (#20444)
* More docs clarification for script authenticator
closes #20009


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-05-18 17:41:28 +02:00
Hynek Mlnařík
41cf72d57f
Add note about preserving ID in imports
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-05-18 13:23:07 +02:00
danielFesenmeyer
d543ba5b56 Consistent message resolving regarding language fallbacks for all themes
- the prio of messages is now as follows for all themes (RL = realm localization, T = Theme i18n files): RL <variant> > T <variant> > RL <region> > T <region> > RL <language> > T <language> > RL en > T en
- centralize the message resolving logic in helper methods in LocaleUtil and use it for all themes, add unit tests in LocaleUtilTest
- add basic integration tests to check whether realm localization can be used in all supported contexts:
  - Account UI V2: org.keycloak.testsuite.ui.account2.InternationalizationTest
  - Login theme: LoginPageTest
  - Email theme: EmailTest
- deprecate the param useRealmDefaultLocaleFallback=true of endpoint /admin/realms/{realm}/localization/{locale}, because it does not resolve fallbacks as expected and is no longer used in admin-ui v2
- fix locale selection in DefaultLocaleSelectorProvider that a supported region (like "de-CH") will no longer selected instead of a supported language (like "de"), when just the language is requested, add corresponding unit tests
- improvements regarding message resolving in Admin UI V2:
  - add cypress test i18n_test.spec.ts, which checks the fallback implementation
  - log a warning instead of an error, when messages for some languages/namespaces cannot be loaded (the page will probably work with fallbacks in that case)

Closes #15845
2023-05-17 15:00:32 +02:00
rmartinc
fdd5e51dbc SSSD documentation updated for quarkus distribution
Closes https://github.com/keycloak/keycloak/issues/20263
2023-05-16 14:26:04 +02:00
Takashi Norimatsu
7f5e94db87 KEYCLOAK-19539 FAPI 2.0 Baseline : Reject Implicit Grant 2023-05-16 14:17:29 +02:00
Martin Kanis
31557f649f Update documentation on user storage provider in Quarkus
Closes #17394
2023-05-16 11:57:26 +02:00
Alexander Schwartz
943b8a37d9
Replace guide with a placeholder for downstream docs (#20266)
Closes #20256
2023-05-16 08:59:11 +02:00
Alexander Schwartz
8cfe8b1411
Update the docs on passthrough proxy (#20072)
Closes #20070
2023-05-15 15:44:47 +00:00
Martin Bartoš
b64260bce5
Jakarta EE and Quarkus 3 upgrade documentation (#20131)
Closes #16251

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-05-15 17:20:04 +02:00
AndyMunro
3443739336 Fix headings in Server Developer guide
Closes #20216
2023-05-15 16:49:29 +02:00
Jon Koops
04ab848003
Rework merging of message bundles for localization of Admin Console (#20183)
Closes #20182
2023-05-11 14:23:10 -04:00
Martin Bartoš
39d24bd04d
Migration guide for Keycloak admin client (#20091) 2023-05-10 09:22:33 +02:00
Joshua Sorah
67cc6bfa7c [docs] Add Keycloak JIRA login redirect to allow list.
Modify the ignored-link-redirects to include a regex that covers the Keycloak JIRA login redirect.

This will prevent the tests from failing due to seeing the login redirect.

Closes keycloak/keycloak#20259
2023-05-09 21:08:57 +02:00
vibrown
5aef59acd8 Changed references to Jira issues to Github issues
Closes #19136
2023-05-09 08:54:25 +02:00
Jon Koops
1d2a98d747
Modernize documentation of JavaScript adapter (#20081)
Closes #19792

Co-authored-by: Andrew Munro <amunro@redhat.com>
2023-05-08 08:21:53 -04:00
Martin Bartoš
960e3503ec
Artifact SLF4J LOG4J-12 has been relocated (#20113) 2023-05-05 13:57:45 +02:00
Stian Thorgersen
19d7dc69f7
Fix links (#20147) 2023-05-04 10:27:52 +02:00
Alexander Schwartz
75ea22bad2
Remove latest vs. archive document header (#20103)
This is done as the docs are no longer built twice.

Closes #19974
2023-05-03 09:16:34 +00:00
Alexander Schwartz
ff284182ba
Fix the links to the docs which have three groups starting from KC19 (#20035)
Relates to #19974
2023-05-03 08:58:52 +02:00
mposolda
a3f2ebb193 Ability to override default/built-in providers with same providerId. Using ProviderFactory.order() for choosing priority providers
Closes #19867
2023-04-25 18:04:58 +02:00
Jon Koops
5cfa4bedfd
Remove function-style constructor from Keycloak JS (#19912) 2023-04-24 12:24:33 +00:00
Alexander Schwartz
4f8d67c9fc All commands now auto-reaugment except show-config
Closes #15782
Closes #15898
Closes #17498
2023-04-21 15:06:51 +02:00
Stian Thorgersen
6b3eb46314
Fix setting versions for docs (#19826)
Closes #19801
2023-04-20 09:07:05 +02:00
Stian Thorgersen
2484e87ffc
Update 21_1_0.adoc 2023-04-20 08:23:54 +02:00
andymunro
30ce2d1e5b
Improve key rotation section (#19168)
Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2023-04-19 11:04:13 -03:00
buti1021
8a4af59ccb
new link for edit this section button (#19680) 2023-04-18 08:42:51 +02:00
Stian Thorgersen
feb20de2ef
Update release notes for 21.1 (#19718)
* Update release notes for 21.1

* Update docs/documentation/release_notes/topics/21_1_0.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

* Update docs/documentation/upgrading/topics/keycloak/changes-21_1_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

* Update docs/documentation/release_notes/topics/21_1_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

* Update docs/documentation/upgrading/topics/keycloak/changes-21_1_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

---------

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-04-14 16:04:44 +02:00
Jon Koops
37e46f3551
Refer to Account Console features by version number (#19716) 2023-04-14 10:48:36 +00:00
Jon Koops
a2eb619e0e
Include Account Console version 3 as a theme (#19641) 2023-04-13 09:41:40 -04:00
mposolda
863d28e232 Promote FIPS 140-2 to supported in Keycloak 22
closes #17234
2023-04-12 15:29:54 +02:00
mposolda
087d1a3be8 Remove unused and outdated page for user federation mapper
closes #19128
2023-04-12 15:21:41 +02:00
mposolda
d89c81fec4 Authentication flows first paragraph seems incomplete
closes #19126
2023-04-12 15:21:03 +02:00
little-pinecone
783cf00f3e Add example for mapping role names between Keycloak and Spring Boot
* use SimpleAuthorityMapper as an example mapper
* show how to convert role names to upper case
* document that the default prefix for that mapper maps role names properly

Closes #19535
2023-04-05 11:04:54 -03:00
mposolda
c6f13363b9 Add nashorn javascript engine to Keycloak server
closes #17671
2023-04-04 14:56:46 +02:00
Jon Koops
bdc019b02c
Fully deprecate function-style constructor for Keycloak JS (#19438) 2023-04-03 14:45:55 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS (#19389) 2023-03-29 16:29:27 +00:00
Michal Hajas
e49dfe534e Fix missing migration when reading TERMS_AND_CONDITIONS required action in legacy store
Closes #17277
2023-03-29 16:43:01 +02:00
Pedro Hos
142bb30f66
Incorrect documentation around password policies (#19364)
closes #19363


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-29 10:09:40 +02:00
Marek Posolda
032ece9f7b
Clarify user session limits documentation and test SSO scenario (#19372)
Closes #17374


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-29 10:08:45 +02:00
Alexander Schwartz
6e30e09cca
Run tests for the moved documentation (#19278)
Closes #19272
2023-03-28 12:35:27 +02:00
Thomas Darimont
ad05557321 Revise password blacklist documentation
Closes #19279

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Andy Munro <amunro@redhat.com>
2023-03-28 08:01:39 +02:00
Alexander Schwartz
23d82ea4ed Fix token exchange required features in the docs
Closes #19291

Co-authored-by: alcidesmig@gmail.com
2023-03-27 10:19:36 -03:00
rmartinc
c1afd3f99f Docs changes for running the adapters with EAP7 and jdk-17
Closes https://github.com/keycloak/keycloak/issues/19273
2023-03-27 11:32:33 +02:00
Konstantinos Georgilakis
fd28cd2d4b Service Accounts Client must create the Client ID mapper with Token Claim Name as client_id
closes #16329
2023-03-23 11:45:34 +01:00
mposolda
9ed5e56fd5 Updating name of the provider in the docs
closes #19122
2023-03-23 07:41:57 -03:00
Marek Posolda
74429e8855
Explicitly add note to the docs that admin user needs to be created be created before using admin REST API (#19246)
closes #19145


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-03-22 21:19:09 +01:00
Denis Richtarik
5e92fb9008 Skip on deploy plugin in documentation tests module 2023-03-22 12:40:32 +01:00
Miquel Simon
38b351b2e0 Generate jar file for documentation test artifact. 2023-03-22 12:36:47 +01:00
Stian Thorgersen
70bad90455
Skip GPG signing for docs test module (#19197) 2023-03-21 08:49:08 +01:00