Commit graph

177 commits

Author SHA1 Message Date
Thomas Darimont
93fc6a6c54 Shorter lifespan for offline session cache entries in memory
Closes #26810

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
Michal Hajas
de598577b1 Fix confusing SAML NameId mapper format tooltip
Closes #26051
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-02-08 11:21:11 +01:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector (#26630)
This change adds event for brute force protector when user account is
temporarily disabled.

It also lowers the priority of free-text log for failed login attempts.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support (#26510)
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Stian Thorgersen
bc3c27909e
Cookie Provider (#26499)
Closes #26500

Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters (#26261)
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters

Closes #26255

Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Jon Koops
5bf2d4b6ec
Enable PKCE by default for Keycloak JS (#26412)
Closes #26411

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-23 14:04:13 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading (#26160)
Closes #25300

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. (#25709)
Closes #22082

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
Douglas Palmer
58d167fe59 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alexander Schwartz
badf3f461d Making metrics with labels for embedded Infinispan the default
Closes #25935

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme (#25895)
Closes #25894

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Pedro Igor
8ff9e71eae Do not allow verifying email from a different account
Closes #14776

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features (#24811)
also adding a common PropertyMapper validation method

closes #24668

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8 Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
Closes #25704

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Pedro Igor
778847a3ce Updating theme templates to render user attributes based on the user profile configuration
Closes #25149

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
bee7595275
fix: adding the kube ca cert to the truststores
closes #10794

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2023-12-18 15:56:43 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr (#25215)
also generally correcting the misspelling trustore

closes: #24798

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers option (#25178)
* Add new `--proxy-headers` option

Closes #23431

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>

* Address review comments vol. 03

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comments vol. 04

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6 Refactoring user profile interfaces and consolidating user representation for both admin and account context
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Steven Hawkins
4db4982e9d
enhance: adding a start optimized flag (#25216)
closes: #25015



Update docs/guides/operator/customizing-keycloak.adoc
Update docs/documentation/release_notes/topics/24_0_0.adoc
Update operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/KeycloakSpec.java

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-12-11 16:15:16 +00:00
Alexander Schwartz
a08f112f79
Add links to guides and GitHub discussions (#25271)
This should increase the likelihood for feedback

Closes #25270

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 08:57:52 +01:00
Michal Hajas
cafc238ff2
Add documentation for lb-check
Closes #25077

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 12:47:06 +00:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore (#24473)
closes #24148

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
rmartinc
16afecd6b4 Allow automatic download of SAML certificates in the identity provider
Closes https://github.com/keycloak/keycloak/issues/24424

Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
Jon Koops
48fc29a5c6
Use exports field for Keycloak JS (#24974)
Closes #24923

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-24 10:50:02 +01:00
Stian Thorgersen
f41383a851
Release notes editorial for 23 (#24972)
Signed-off-by: stianst <stianst@gmail.com>
2023-11-23 13:34:45 +01:00
Alexander Schwartz
834ef79509
Adding a Keycloak High Availability section to Keycloak's docs
The content was moved over from the Keycloak Benchmark subproject.

Closes #24844

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Kamesh Akella <kakella@redhat.com>
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Anna Manukyan <amanukya@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: AndyMunro <amunro@redhat.com>
2023-11-23 12:27:47 +00:00
mposolda
87c45437a5 Release notes for max auth age password policy
Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-22 07:35:09 +01:00
Marek Posolda
765e4838e9
Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation. (#24877)
* Update EAP documentation for OIDC and SAML (#24734)

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

(cherry picked from commit d7f2ad747d90dd0475a016fcfd528fea4ebed043)

Signed-off-by: Stian Thorgersen <stianst@gmail.com>

* Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation.
Closes #24713

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-21 14:22:00 +00:00
Václav Muzikář
15a83985b1 Implement load shedding
Closes #23340

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2023-11-21 13:43:09 +01:00
Alexander Schwartz
1b12fe132b Update documentation for removal of the map store
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

Closes #24092
2023-11-13 15:38:05 +01:00
mposolda
4ec85707f4 Upgrading notes for user profile
closes #24491

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-06 02:19:26 -08:00
mposolda
70e820469a Updating release notes for Keycloak 23 with some 'core features' improvements
closes #23971

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-01 17:39:02 +01:00
Ivan Atanasov
7b0683879d Updated documentations to mention Resteasy reactive migration
Closes #23444
2023-10-31 20:59:12 +01:00
Hynek Mlnařík
3f55cd72d7 Docs: Fix account name
Closes: #24341
2023-10-27 09:32:27 +02:00
Takashi Norimatsu
1c8cddf145 passkeys: documentation
closes #23660
2023-10-24 14:48:13 +02:00
Pedro Igor
5958c7948d
Ignore attributes when they are not prefixed with user.attributes prefix (#23184)
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
2023-09-14 10:35:47 +02:00
Martin Bartoš
6ca78b7554 Return Oracle JDBC driver to the upstream
Closes #22999
2023-09-06 19:11:29 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation
closes #20045
2023-08-30 13:24:48 +02:00
Marek Posolda
6f989fc132
Fallback to next LDAP/Kerberos provider when not able to find authenticated Kerberos principal (#22531)
closes #22352 #9422
2023-08-29 11:21:01 +00:00
Martin Bartoš
fcf65389ea
Remove Oracle Database JDBC driver from the Keycloak distribution (#22577)
* Remove Oracle Database JDBC driver from the Keycloak distribution

Closes #22452

* Remove profile for proprietary Oracle JDBC driver

---------

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-08-21 15:13:49 +00:00
mposolda
710f28ce9e DPoP release notes and documentation polishing
closes #21922
2023-08-08 09:47:28 +02:00
Marek Posolda
d954dfec5e
Release notes and documentation for FAPI 2 (#22228)
Closes #21945


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-08-04 08:21:27 +02:00
Alexander Schwartz
748c53df7f
Use Java mechanisms to read language files and default to UTF-8 (#21755)
Closes #21753
2023-08-01 11:27:10 +02:00
Stian Thorgersen
3d33878c33
Update release notes for 22 (#21583)
* Updates to release notes

* Fix
2023-07-11 11:02:45 +02:00
rmartinc
09e30b3c99 Support for JWE IDToken and UserInfo tokens in OIDC brokers
Closes https://github.com/keycloak/keycloak/issues/21254
2023-07-03 21:25:46 -03:00
mposolda
0ea2891eee Remove support for OpenJDK 11 on the server side
closes #15014
2023-07-03 13:12:22 -03:00
Daniele Martinoli
e2ac9487f7
Conditional login through identity provider (#20188)
Closes #20191


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2023-06-29 18:44:15 +02:00
Steven Hawkins
88992dae19
widens status to be any type. (#21281)
this is to avoid olm complaining about an incompatible schema during
upgrade

Relates to #13074
2023-06-29 08:57:22 +02:00
Ricardo Martin
1973d0f0d4 Check the redirect URI is http(s) when used for a form Post (#22)
Closes https://github.com/keycloak/security/issues/22

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2023-06-28 17:52:48 -03:00
Hynek Mlnarik
c092c76ae8 Remove ldapsOnly (Java)
In `LDAPConstants.java`, the function to set the Truststore SPI system property was removed, as this is now handled by the `shouldUseTruststoreSpi` method in `LdapUtil`.

Closes: #9313
2023-06-28 08:30:09 +02:00
Stian Thorgersen
4fcb154d36
Add removal of account console v1 to release notes (#21212)
* Add removal of account console v1 to release notes

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

---------

Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-06-28 07:52:10 +02:00
Steve Hawkins
6a92669139 finishes the conversion away from createOrReplace
however this is a broader change given the implications of
serverSideApply vs createOrReplace - mostly the concern of only applying
the managed state not based upon an existing resource

Closes #20850
2023-06-23 11:55:47 -03:00
Steven Hawkins
fc0be1a65b Update docs/documentation/release_notes/topics/22_0_0.adoc
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
2023-06-21 17:14:33 -03:00
Steve Hawkins
5701f70157 changes condition status to be a string, rather than a boolean
Closes #13074
2023-06-21 17:14:33 -03:00
Gilvan Filho
2493f11331 count users by custom user attribute
closes #14747
2023-06-21 11:56:22 -03:00
Stan Silvert
513c00bcd9
Remove unused feature flags. (#21039)
* Remove unused feature flags.
Fixes #20944
Fixes #20943

* Update release notes.

* Update docs/documentation/release_notes/topics/22_0_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

---------

Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-06-20 15:02:22 -04:00
Jon Koops
651a7f29fc
Promote Account Console v3 to preview (#20969) 2023-06-15 12:24:01 -04:00
Peter Zaoral
f4cc6d7b76 Update the docs
* updated the release notes
* updated the FIPS guide

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2023-06-07 09:23:12 -03:00
Pedro Igor
53dfb44a8f
Migration guide for JAX-RS changes (#20659)
Closes #keycloak/keycloak#15454
2023-05-31 13:50:34 +00:00
stianst
0832992e59 Removing OpenShift integration and moving to separate extension
closes #20496

Co-authored-by: mposolda <mposolda@gmail.com>
2023-05-30 17:39:32 +02:00
Alexander Schwartz
943b8a37d9
Replace guide with a placeholder for downstream docs (#20266)
Closes #20256
2023-05-16 08:59:11 +02:00
Alexander Schwartz
8cfe8b1411
Update the docs on passthrough proxy (#20072)
Closes #20070
2023-05-15 15:44:47 +00:00
Martin Bartoš
b64260bce5
Jakarta EE and Quarkus 3 upgrade documentation (#20131)
Closes #16251

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-05-15 17:20:04 +02:00
Jon Koops
04ab848003
Rework merging of message bundles for localization of Admin Console (#20183)
Closes #20182
2023-05-11 14:23:10 -04:00
Martin Bartoš
39d24bd04d
Migration guide for Keycloak admin client (#20091) 2023-05-10 09:22:33 +02:00
Stian Thorgersen
19d7dc69f7
Fix links (#20147) 2023-05-04 10:27:52 +02:00
Jon Koops
5cfa4bedfd
Remove function-style constructor from Keycloak JS (#19912) 2023-04-24 12:24:33 +00:00
Alexander Schwartz
4f8d67c9fc All commands now auto-reaugment except show-config
Closes #15782
Closes #15898
Closes #17498
2023-04-21 15:06:51 +02:00
Stian Thorgersen
2484e87ffc
Update 21_1_0.adoc 2023-04-20 08:23:54 +02:00
Stian Thorgersen
feb20de2ef
Update release notes for 21.1 (#19718)
* Update release notes for 21.1

* Update docs/documentation/release_notes/topics/21_1_0.adoc

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

* Update docs/documentation/upgrading/topics/keycloak/changes-21_1_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

* Update docs/documentation/release_notes/topics/21_1_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

* Update docs/documentation/upgrading/topics/keycloak/changes-21_1_0.adoc

Co-authored-by: Jon Koops <jonkoops@gmail.com>

---------

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2023-04-14 16:04:44 +02:00
Jon Koops
37e46f3551
Refer to Account Console features by version number (#19716) 2023-04-14 10:48:36 +00:00
Jon Koops
a2eb619e0e
Include Account Console version 3 as a theme (#19641) 2023-04-13 09:41:40 -04:00
mposolda
863d28e232 Promote FIPS 140-2 to supported in Keycloak 22
closes #17234
2023-04-12 15:29:54 +02:00
Jon Koops
8f627517cb
Remove legacy Promise APIs from Keycloak JS (#19389) 2023-03-29 16:29:27 +00:00
Alexander Schwartz
4dcb819c06 Moving docs to new folder
CIAM-5056
2023-03-20 09:07:58 +01:00