Pedro Igor
3a7ce54266
Allow formating numbers when rendering attributes
...
Closes keycloak#26320
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-01 08:14:58 -03:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support ( #26510 )
...
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Thomas Darimont
e7363905fa
Change password hashing defaults according to OWASP recommendations ( #16629 )
...
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 ):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes #16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters ( #26261 )
...
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters
Closes #26255
Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Jon Koops
5bf2d4b6ec
Enable PKCE by default for Keycloak JS ( #26412 )
...
Closes #26411
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-23 14:04:13 +01:00
rmartinc
2f0a0b6ad8
Remove deprecated mode for saml encryption
...
Closes #26291
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa
Add upgrading docs for changes to send-verify-email API
...
Closes #26146 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-18 09:48:01 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Luca Orlandi
d70dd9db67
Update placeholders for hostname and port ( #24153 )
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-11 12:05:05 +01:00
Kévin Martins
16dddfa49c
Complete the documentation for the use case of a resource from an email template. ( #25705 )
...
Signed-off-by: Kevin MARTINS <k.martins@ubitransport.com>
2024-01-10 18:08:04 -03:00
AndyMunro
b875acbc20
Change RHDG to Infinispan
...
Closes #26083
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-10 17:18:50 +01:00
rmartinc
179ca3fa3a
Sanitize logs in JBossLoggingEventListenerProvider
...
Closes #25078
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Alexander Schwartz
4be4212dca
Remove conditionals about Linux vs. Windows ( #26031 )
...
Closes #26028
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 16:03:38 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
shigeyuki kabano
8b65e6727b
Creating documentation for Lightweight access token( #25743 )
...
Closes keycloak#23725
Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:48:20 +01:00
Pedro Igor
7fad0e805e
Improve brute force documentation around how the effective wait time is calculated
...
Closes #25915
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-01-09 07:50:17 +00:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo ( #26012 )
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-01-09 08:02:02 +01:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alexander Schwartz
badf3f461d
Making metrics with labels for embedded Infinispan the default
...
Closes #25935
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme ( #25895 )
...
Closes #25894
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Steven Hawkins
7bde7c30cc
fix: do not split on space for option errors ( #25876 )
...
closes #25783
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-05 13:01:17 +01:00
Pedro Igor
8ff9e71eae
Do not allow verifying email from a different account
...
Closes #14776
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Ben Cresitello-Dittmar
057d8a00ac
Implement Authentication Method Reference (AMR) claim from OIDC specification
...
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.
This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.
The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.
Closes #19190
Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features ( #24811 )
...
also adding a common PropertyMapper validation method
closes #24668
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8
Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
...
Closes #25704
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Takashi Norimatsu
751cadc514
Documentation about Australia Consumer Data Right security profile
...
closes #25236
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-19 21:06:03 +01:00
Konstantinos Georgilakis
ba8c22eaf0
Scope parameter in Oauth 2.0 token exchange
...
Closes #21578
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce
Updating theme templates to render user attributes based on the user profile configuration
...
Closes #25149
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
bee7595275
fix: adding the kube ca cert to the truststores
...
closes #10794
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2023-12-18 15:56:43 +01:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build ( #25434 )
...
fix: adding filtering to ignore anything runtime during a build
closes : #25166
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-12-18 12:50:47 +00:00
Marek Posolda
be935c2763
Incorrect version of the fix in release notes ( #25661 )
...
closes #25660
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:56:58 +01:00
Takashi Norimatsu
59536becec
Client policies : executor for enforcing DPoP
...
closes #25315
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
AndyMunro
2853136bbb
Remove topic on user attributes in Account Console
...
Closes #22555
Signed-off-by: AndyMunro <amunro@redhat.com>
2023-12-15 12:07:35 +01:00
Erwin Rooijakkers
860978b15a
Change arg of getSubGroups to briefRepresentation
...
Parameter name briefRepresentation should mean briefRepresentation,
not full. This way callers will by default get the full
representation, unless true is passed as value for
briefRepresentation.
Fixes #25096
Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr ( #25215 )
...
also generally correcting the misspelling trustore
closes : #24798
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers
option ( #25178 )
...
* Add new `--proxy-headers` option
Closes #23431
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* Address review comments vol. 03
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comments vol. 04
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Steven Hawkins
4db4982e9d
enhance: adding a start optimized flag ( #25216 )
...
closes : #25015
Update docs/guides/operator/customizing-keycloak.adoc
Update docs/documentation/release_notes/topics/24_0_0.adoc
Update operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/KeycloakSpec.java
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-12-11 16:15:16 +00:00
Steven Hawkins
ba3451ff2e
doc: adding a note about removing the ( #25436 )
...
closes : #25307
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-08 17:47:33 +01:00
Alexander Schwartz
a08f112f79
Add links to guides and GitHub discussions ( #25271 )
...
This should increase the likelihood for feedback
Closes #25270
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 08:57:52 +01:00
Michal Hajas
cafc238ff2
Add documentation for lb-check
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 12:47:06 +00:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d
Remove lowercase for the hostname as recommended/advised by OAuth spec
...
Closes https://github.com/keycloak/keycloak/issues/25001
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Takashi Norimatsu
29aec9c5b5
Documentation Inconsistency about Open Banking(Finance) Brasil FAPI security profile
...
closes #25108
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-29 07:39:51 -03:00
Steven Hawkins
dacee3a36b
doc: adding a note that quoting all of the arguments no longer works ( #25083 )
...
closes #25018
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-28 14:31:47 +01:00