andymunro
66cffca3d4
Simplify Upgrade Guide structure
...
Closes #27632
Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-11 16:22:46 +01:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module ( #27601 )
...
Closes #26657
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Martin Bartoš
c5553b46b4
Update Welcome page image in docs
...
Closes #27719
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-08 15:00:36 +01:00
rmartinc
dea15e25da
Only add the nonce claim to the ID Token (mapper for backwards compatibility)
...
Closes #26893
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Alexander Schwartz
fa12b14a32
Update docs about when emails for changed credentials are sent
...
Closes #27620
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-07 07:16:16 +01:00
Alexander Schwartz
2199d37879
Add multi-site active-passive support to the release notes ( #27575 )
...
Closes #27573
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:59:22 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs ( #27418 )
...
Closes #27416
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:32:06 +01:00
Pedro Igor
d12711e858
Allow fetching roles when evaluating role licies
...
Closes #20736
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Alexander Schwartz
aec6020750
URL change as liquibase.org now redirects
...
Closes #27540
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-05 13:24:12 +01:00
Stian Thorgersen
d48ef8b507
Added release notes for 24.0.1 ( #27524 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-05 08:46:10 +01:00
Stian Thorgersen
d875a8f2b7
Delete broken images from release notes ( #27492 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-04 12:47:03 +01:00
Lucy Linder
84d48a9877
Update documentation for reCAPTCHA support
...
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
Marek Posolda
f1e7c572da
Release notes 24: default password hashing updates ( #27475 )
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-04 09:55:03 +01:00
AndyMunro
14a12d106a
Edit Keycloak 23.x release notes
...
Closes #27440
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:20:58 +01:00
AndyMunro
405feb0bc2
Edit Keycloak 24 changes chapter
...
Closes 27452
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:11:35 +01:00
Steven Hawkins
c2596849f9
doc: adding a note about not conflicting with built-in stuff ( #27214 )
...
closes : #24459
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-01 14:34:16 +01:00
Václav Muzikář
3e3cb2222d
Deprecate GELF ( #27367 )
...
Closes #27364
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-29 12:07:28 +01:00
Takashi Norimatsu
3db04d8d8d
Replace Security Key with Passkey in WebAuthn UIs and their documents
...
closes #27147
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Marek Posolda
8dd0eb451d
Additional release notes for Keycloak 24 ( #27339 )
...
closes #27142
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-29 08:43:22 +01:00
Alexander Schwartz
3950b4ed46
Cleaning old product documentation from the upstream documentation
...
Closes #27324
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 13:30:39 +01:00
AndyMunro
941e7cc3a5
notes about access and refresh tokens
...
Closes #26919
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 12:12:48 +01:00
AndyMunro
ca0526f54d
Edit Keycloak 24 release notes
...
Closes #27326
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 10:43:17 +01:00
Alexander Schwartz
6de61f61f0
Adding missing explicit IDs for cross-references
...
Closes #27316
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 08:37:52 +01:00
Gilvan Filho
83af01c4c0
Add failedLoginNotBefore to AttackDetectionResource
...
Closes #17574
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-02-26 09:35:51 +01:00
Pedro Igor
b98e115183
Updating docs and account message
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-22 22:58:22 +09:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890
Supporting OAuth 2.1 for public clients
...
closes #25316
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35
Supporting OAuth 2.1 for confidential clients
...
closes #25314
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 ( #26318 )
...
Closes #26122
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-02-21 13:42:33 -05:00
Alexander Schwartz
3b6886d970
Add warning about too long attribute values as it can exhaust caches ( #27126 )
...
Closes #27125
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:47:58 +01:00
Václav Muzikář
33425dacd9
Add proxy-headers
option to the Keycloak CR ( #27092 )
...
Closes #25179
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 12:19:37 +01:00
Václav Muzikář
de60c9b469
Tweak the default memory request and limit in the Operator ( #27170 )
...
Closes #27169
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 10:03:17 +01:00
Takashi Norimatsu
1bdbaa2ca5
Client policies: executor for validate and match a redirect URI
...
closes #25637
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd
Change Open ID Connect to OpenID Connect in UI and docs
...
Closes #27093
Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2024-02-19 17:01:57 +01:00
Takashi Norimatsu
849a920955
Rename Resident key to Discoverable Credential
...
closes #9508
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-19 14:12:15 +01:00
Marek Posolda
d8ab12eab7
Release notes for Keycloak 24 with OIDC contributions ( #27047 )
...
closes #25729
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-16 08:34:20 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Martin Bartoš
59007844d9
Supported option to specify resource management for pods in Keycloak CR ( #26661 )
...
Closes #26456
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-15 13:38:41 +01:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Marek Posolda
16fca0118e
User profile - release notes and more migration instructions ( #27003 )
...
closes #26917
closes #26932
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:14:16 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations ( #27020 )
...
closes #26816
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:11:44 +01:00
Joshua Sorah
b81233a4af
[docs] Align OAuth 2.0 Security Best Current Practice links ( #24706 )
...
Closes keycloak/keycloak#24705
Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2024-02-13 13:53:56 +01:00
Pedro Igor
750bc2c09c
Reviewing references to user attribute management and UIs
...
Closes #26155
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 16:01:34 +01:00
mposolda
7af753e166
Documentation for AIA
...
closes #25569
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-12 09:42:34 +01:00
Thomas Darimont
93fc6a6c54
Shorter lifespan for offline session cache entries in memory
...
Closes #26810
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
stianst
d2f74dd83d
Fix anchors in securing apps guide in prod profile
...
Closes #26853
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-09 12:31:30 +01:00
Pedro Igor
b91ad23b20
Update theme documentation about the considerations when deploying custom themes ( #26885 )
...
Related #23907
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-09 04:21:54 +01:00
Steven Hawkins
77581d2527
fix: change from operator. to kc.operator. keys ( #26414 )
...
closes #12352
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-08 15:03:20 +01:00
Michal Hajas
de598577b1
Fix confusing SAML NameId mapper format tooltip
...
Closes #26051
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-02-08 11:21:11 +01:00
Stian Thorgersen
cd1e483134
Remove section on adding custom attributes with account v1 and custom themes ( #26858 )
...
Closes #26856
Signed-off-by: stianst <stianst@gmail.com>
2024-02-08 07:28:32 +01:00
Michael Schnitzler
fdfe41bdda
fix documentation for resetting OTP in "reset credentials" flow ( #26834 )
...
The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled.
Fixex #26834
Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com>
2024-02-07 11:57:58 -03:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector ( #26630 )
...
This change adds event for brute force protector when user account is
temporarily disabled.
It also lowers the priority of free-text log for failed login attempts.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
zak905
bcd423b270
rephrase sentence in changes-22_0_0.adoc for more clarity
...
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
zak905
c7db7bd528
Update custom rest endpoint documentation and example
...
Add a mention about beans.xml and @Provider in the extending server documentation
Add beans.xml in the rest provider example
Add a mention about @Provider in the upgrading guides
Closes #25882
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Address suggested change for docs/documentation/server_development/topics/extensions.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Address suggested change for docs/documentation/server_development/topics/extensions.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Address suggested change for docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
mposolda
ab7426b857
User profile migration documentation for default validations and strange attributes
...
closes #26634
closes #25979
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-06 16:48:03 -03:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies ( #26558 )
...
Closes #26557
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Hynek Mlnarik
c866e8e6f9
Introduce index.ftl into base account theme
...
Fixes : #26487
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-02-06 14:29:07 +01:00
Alexander Schwartz
43c200a8ce
Update migration guide
...
Closes #26490
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-05 14:41:44 +01:00
Pedro Igor
4338f44955
Reviewing the user profile documentation
...
Closes #26154
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-02 17:14:51 +01:00
christian-2
e14b523a8d
Fixes typo in Server Administration guide ( #26543 )
...
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-02-01 19:36:32 +01:00
mposolda
56a605fae7
Documentation for SuppressRefreshTokenRotationExecutor
...
closes #26587
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-01 17:18:50 +01:00
Martin Bartoš
14d97ca9ea
Update Maven dependency versions for docs
...
Update Maven Wrapper version
Closes #26689
Fixes #26686
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-01 13:42:25 +01:00
Pedro Igor
3a7ce54266
Allow formating numbers when rendering attributes
...
Closes keycloak#26320
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-01 08:14:58 -03:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support ( #26510 )
...
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Thomas Darimont
e7363905fa
Change password hashing defaults according to OWASP recommendations ( #16629 )
...
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 ):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes #16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters ( #26261 )
...
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters
Closes #26255
Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Jon Koops
5bf2d4b6ec
Enable PKCE by default for Keycloak JS ( #26412 )
...
Closes #26411
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-23 14:04:13 +01:00
rmartinc
2f0a0b6ad8
Remove deprecated mode for saml encryption
...
Closes #26291
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa
Add upgrading docs for changes to send-verify-email API
...
Closes #26146 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-18 09:48:01 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Luca Orlandi
d70dd9db67
Update placeholders for hostname and port ( #24153 )
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-11 12:05:05 +01:00
Kévin Martins
16dddfa49c
Complete the documentation for the use case of a resource from an email template. ( #25705 )
...
Signed-off-by: Kevin MARTINS <k.martins@ubitransport.com>
2024-01-10 18:08:04 -03:00
AndyMunro
b875acbc20
Change RHDG to Infinispan
...
Closes #26083
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-10 17:18:50 +01:00
rmartinc
179ca3fa3a
Sanitize logs in JBossLoggingEventListenerProvider
...
Closes #25078
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Alexander Schwartz
4be4212dca
Remove conditionals about Linux vs. Windows ( #26031 )
...
Closes #26028
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 16:03:38 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
shigeyuki kabano
8b65e6727b
Creating documentation for Lightweight access token( #25743 )
...
Closes keycloak#23725
Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:48:20 +01:00
Pedro Igor
7fad0e805e
Improve brute force documentation around how the effective wait time is calculated
...
Closes #25915
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-01-09 07:50:17 +00:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo ( #26012 )
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-01-09 08:02:02 +01:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alexander Schwartz
badf3f461d
Making metrics with labels for embedded Infinispan the default
...
Closes #25935
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme ( #25895 )
...
Closes #25894
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Steven Hawkins
7bde7c30cc
fix: do not split on space for option errors ( #25876 )
...
closes #25783
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-05 13:01:17 +01:00
Pedro Igor
8ff9e71eae
Do not allow verifying email from a different account
...
Closes #14776
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Ben Cresitello-Dittmar
057d8a00ac
Implement Authentication Method Reference (AMR) claim from OIDC specification
...
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.
This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.
The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.
Closes #19190
Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features ( #24811 )
...
also adding a common PropertyMapper validation method
closes #24668
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8
Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
...
Closes #25704
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Takashi Norimatsu
751cadc514
Documentation about Australia Consumer Data Right security profile
...
closes #25236
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-19 21:06:03 +01:00
Konstantinos Georgilakis
ba8c22eaf0
Scope parameter in Oauth 2.0 token exchange
...
Closes #21578
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce
Updating theme templates to render user attributes based on the user profile configuration
...
Closes #25149
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
bee7595275
fix: adding the kube ca cert to the truststores
...
closes #10794
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2023-12-18 15:56:43 +01:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build ( #25434 )
...
fix: adding filtering to ignore anything runtime during a build
closes : #25166
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-12-18 12:50:47 +00:00
Marek Posolda
be935c2763
Incorrect version of the fix in release notes ( #25661 )
...
closes #25660
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:56:58 +01:00
Takashi Norimatsu
59536becec
Client policies : executor for enforcing DPoP
...
closes #25315
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
AndyMunro
2853136bbb
Remove topic on user attributes in Account Console
...
Closes #22555
Signed-off-by: AndyMunro <amunro@redhat.com>
2023-12-15 12:07:35 +01:00