Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables ( #29430 )
...
closes : #21961
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 13:08:23 +00:00
Marek Posolda
79c8c80058
Example for X.509 direct grant flow authentication ( #30203 )
...
closes #29639
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-06 11:58:09 +02:00
Erik Jan de Wit
5897334ddb
Align environment variables between consoles ( #30125 )
...
* change to make authServerUrl the same as authUrl
fixes : #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* Remove `authUrl` entirely
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Remove file that is unrelated
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Split out and align environment variables between consoles
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Restore removed variables to preserve backwards compatibility
Signed-off-by: Jon Koops <jonkoops@gmail.com>
* Also deprecate the `authUrl` for the Admin Console
Signed-off-by: Jon Koops <jonkoops@gmail.com>
---------
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-06-06 08:36:46 +02:00
Giuseppe Graziano
d5e82356f9
Encrypted KC_RESTART cookie and removed sensitive notes
...
Closes #keycloak/keycloak-private#162
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Marek Posolda
193439788e
Release notes for support application/jwt response in token introspec… ( #30105 )
...
closes #30104
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-04 06:49:13 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support ( #28518 )
...
* OpenJDK 21 support
Closes #28517
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* x509 SAN UPN other name is not handled in JDK 21 (#904 )
closes #29968
Signed-off-by: mposolda <mposolda@gmail.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-06-03 14:17:28 +02:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box ( #29895 )
...
Closes : #29491
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-31 17:21:19 +00:00
Alexander Schwartz
af23150343
Fixing typo in the upgrading guide for persistent sessions
...
Closes #30028
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-31 13:18:34 +02:00
Miquel Simon
2c521bd64d
Upgrade supported PostgreSQL to version 16
...
Closes #29875
Signed-off-by: Miquel Simon <msimonma@redhat.com>
2024-05-29 16:31:40 +02:00
Marek Posolda
336b2c875f
Update release notes for Keycloak 25 ( #29894 )
...
closes #29576
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 14:19:17 +02:00
mposolda
37c10b4d43
Improve documentation for the case when 'basic' client scope already exists
...
closes #29880
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-29 13:32:05 +02:00
Ryan Emerson
5788263413
Document Failover Lambda for Active/Passive deployments
...
Closes #29787
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 12:33:13 +02:00
Michal Hajas
61d0d56720
Document it is not possible to use rolling configuration upgrade for enabling persistent sessions
...
Closes #29561
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-29 10:19:20 +02:00
Pedro Igor
bbb83236f5
Do not lower-case the username from the IdP when creating the federated identity
...
Closes #28495
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Jon Koops
a3b2dd0735
Remove deprecated ServerCookie
class ( #29916 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 14:14:05 +00:00
Ryan Emerson
0f17f0abc5
Require external Infinispan be of version 15 or greater
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 11:26:26 +00:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
...
Closes #29375
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2
Use SessionExpirationUtils for validate user and client sessions
...
Check client session is valid in TokenManager
Closes #24936
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication ( #29735 )
...
closes #28341
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-21 19:46:27 +02:00
mposolda
bbd4b60163
Update documentation after adapters removal
...
closes #28792
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-21 09:34:48 +02:00
vramik
35df0140ee
Add a note to the migration guide about index name length for Oracle database
...
Closes #29594
Signed-off-by: vramik <vramik@redhat.com>
2024-05-16 10:06:39 -03:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI ( #24305 )
...
closes #24264
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
Alexander Schwartz
8deca303e2
Update instruction on how to enable persistent sessions ( #29490 )
...
Closes #29489
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 13:26:51 +02:00
Kamesh Akella
1d613d9037
Argon2 release notes and sizing guide update
...
Closes #29033
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-14 17:40:51 +02:00
mposolda
d8a7773947
Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
...
closes #12298
Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
christian2
e200ccfa53
Fix URL endpoint for Docker registry v2 authentication
...
Closes #29132
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-05-13 13:51:06 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
...
Closes #29218
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
mruzicka
6864ee0ead
doc: Quarkus launch rebuild optimization ( #28320 )
...
Suggest a command which performs the update of the class loading indices
only once.
Closes #28336
Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-05-10 12:28:38 +02:00
AndyMunro
4a5055c3cc
Update create realm topics to replace Master
...
Closes #29280
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-05-08 17:37:20 +02:00
Nathan Raj
8ff1ae0c08
Update stack-overflow.adoc ( #29363 )
...
Corrected capitalisation for heading
2024-05-08 16:06:33 +02:00
Thore
4b194d00be
iso-date validator for the user-profile
...
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.
Closes #11757
Signed-off-by: Thore <thore@kruess.xyz>
2024-05-07 11:42:39 -03:00
Pedro Igor
d2c5fc86a9
Additional note on release and upgrade guides about partial update on user attributes
...
Closes #28220
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:59:38 -03:00
Dimitri Papadopoulos Orfanos
9db1443367
Fix typos found by codespell in docs ( #28890 )
...
Run `chmod -x` on files that need not be executable.
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-03 12:41:16 +00:00
Douglas Palmer
26eaa4f83f
Broken link in documentation
...
Closes #29233
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-02 15:29:56 -03:00
Steven Hawkins
4697cc956b
further refinement of context handling ( #28182 )
...
* fully removing providers and moving the keycloaksession creation / final
cleanup
also deprecated Resteasy utility methods
closes : #29223
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Steven Hawkins
3b1ca46be2
fix: updating docs around -q parameter ( #29151 )
...
closes : #27877
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-02 16:48:43 +02:00
Douglas Palmer
8d4d5c1c54
Remove redundant servers from the testsuite
...
Closes #29089
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-30 17:39:32 +02:00
Jon Koops
a6e2ab5523
Remove jaxrs-oauth-client
and OIDC servlet-filter
adapters
...
Closes #28784
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a
Remove JAAS login modules
...
Closes #28789
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
eae20c76bd
Remove KeycloakInstalled
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Closes #28790
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf
Remove servlet filter saml adapters
...
Closes #28786
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
3e13b40648
Remove Spring adapters
...
Closes #28780
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
bf2c97065f
Remove SpringBoot adapters
...
Closes #28781
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091
Remove Tomcat OIDC adapter
...
Closes #28778
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0
Remove Tomcat SAML adapter
...
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
Closes #28783
2024-04-26 09:30:35 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods ( #27715 )
...
closes #19671
Signed-off-by: Mark Banierink <mark.banierink@nedap.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
Stefan Guilhen
8ca4bc77a1
Improve the performance of the queries used to find granted resources
...
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time
Closes #28861
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity ( #26393 )
...
Closes #26201 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106
Emphasize the need for setting container limit
...
Closes #28729
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
rmartinc
ddacfbdefd
Remove deprecated LinkedIn social provider
...
Closes #23127
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 ( #28621 )
...
Closes #27730
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9
Limit the concurrency of password hashing to the number of CPU cores available
...
Closes #28477
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli ( #28276 )
...
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939
Deny list lower cases all passwords when loading from file
...
Closes #28381
We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.
Signed-off-by: Christopher Miles <twitch@nervestaple.com>
2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper ( #28663 )
...
closes #28661
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime ( #28542 )
...
Closes #27549
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… ( #28622 )
...
closes #28460
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 20:02:33 +02:00
Jon Koops
9b94b6f47e
Add release notes for changes to Account and Admin consoles ( #28545 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-11 08:42:08 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… ( #28595 )
...
closes #27879
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 08:18:41 +02:00
Giuseppe Graziano
33b747286e
Changed userId value for refresh token events
...
Closes #28567
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Giuseppe Graziano
c76cbc94d8
Add sub via protocol mapper to access token
...
Closes #21185
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
Martin Bartoš
b2c88e9876
docs: Support management port for health and metrics ( #28213 )
...
Relates to #19334
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 14:33:30 +02:00
Alexander Schwartz
3ba9a905c9
Provide histograms for http server metrics
...
Closes #28178
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 12:52:42 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies ( #28467 )
...
Closes #28465
Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Steve Hawkins
9afe3a2560
fix: changing max threads default
...
closes : #17483
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-09 12:14:56 +02:00
Martin Bartoš
9c1790af68
Enable Syslog log handler ( #28462 )
...
* Enable syslog log handler
Closes #27544
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Suggest an alternative to GELF
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-08 17:38:20 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Giuseppe Graziano
b4f791b632
Remove session_state from tokens
...
Closes #27624
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
Stian Thorgersen
b9feaec38e
Ignore all links to GitHub when checking external links in docs due to rate limiting issues ( #28472 )
...
Closes #28330
Signed-off-by: stianst <stianst@gmail.com>
2024-04-05 15:36:38 +02:00
Pedro Igor
8fb6d43e07
Do not export ids when exporting authorization settings
...
Closes #25975
Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Clemens Zagler
b44252fde9
authz/client: Fix getPermissions returning wrong type
...
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes #16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli ( #27458 )
...
* fix: replace aesh with picocli
closes : #27388
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* splitting the error handling for password input
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a change note about kcadm
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-03-28 14:34:06 +01:00
Gilvan Filho
757c524cc5
Password policy for not having username in the password
...
closes #27643
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm ( #28162 )
...
Closes #28161
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 13:04:14 +00:00
rmartinc
d4da0c816c
Upgrading note to warn truststore changes affect webauthn registration
...
Closes #28113
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 10:58:48 +01:00
Steven Hawkins
619775b8db
fix: simplifies the parsing routine, which accounts for leading 0's ( #28102 )
...
closes : #27839
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-22 09:19:52 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
Steven Hawkins
cbe185fbab
doc: add a note about lack of other JAX-RS support ( #28048 )
...
closes : #27057
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:59:22 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options ( #26833 )
...
closes : #24893
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Alexander Schwartz
c4fdf1cee7
Enable HTTP metrics for Keycloak by default ( #28088 )
...
Closes #27924
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-21 16:18:03 +01:00
Steve Hawkins
91c89c28e7
fix: changes xa transaction related defaults
...
xa is not enabled by default
recovery is enabled by default
closes #27308
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:01:19 +01:00
Sebastian Schuster
0542554984
12671 querying by user attribute no longer forces case insensitivity for keys
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Alexander Schwartz
fbdb2ed9f7
Updated performance impact due to changed hashing
...
Fixes #27900
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-19 09:30:49 +01:00
AndyMunro
d61b1ddb09
Edit use of Keycloak in Server Admin Guide
...
Closes #27955
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-18 09:51:55 +01:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Stian Thorgersen
2bddfe7380
Remove log4j from documentation tests ( #27929 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-15 15:06:24 +01:00
AndyMunro
e40227fa50
Address comments on Securing Apps
...
Closes #27867
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-15 13:04:05 +01:00
Stian Thorgersen
81f3f211f3
Delete all deprecated and unmaintained examples ( #27855 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-15 07:24:20 +01:00
Steven Hawkins
1cc1911ec3
doc: adding a note about repairing a corrupted classloading index ( #27906 )
...
relates to: #26396
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-14 16:47:07 +01:00
larsw
42244d2a67
doc/token-exchange.adoc: issuer claim -> iss claim ( #27018 )
...
Fixed a typo in the text.
2024-03-14 13:37:40 +01:00
andymunro
be29be6741
Edit Keycloak 23 part of Upgrading Guide
...
Closes #27484
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-14 11:03:58 +01:00
Alexander Schwartz
1788cf2b09
Enable Infinispan metrics automatically if overall metrics are enabled
...
Closes #27724
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 18:55:45 +01:00
Alexander Schwartz
6de5325d1c
Limit the received content when handling the content as a String
...
Closes #27293
Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 16:43:03 +01:00
Steven Hawkins
e22148043b
doc: mention that the split package warning may not happen ( #27789 )
...
closes : #26396
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-13 14:57:20 +01:00
Stian Thorgersen
1f772d2957
Move authenticator example to quickstarts ( #27850 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-13 11:52:29 +00:00
stianst
15717cc152
Remove deprecated cookie code
...
Closes #26813
Signed-off-by: stianst <stianst@gmail.com>
2024-03-12 17:24:14 +01:00
Alexander Schwartz
967ceddfbb
Fixing downstream documentation build ( #27781 )
...
Closes #27780
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-12 08:37:41 +01:00
andymunro
66cffca3d4
Simplify Upgrade Guide structure
...
Closes #27632
Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-11 16:22:46 +01:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module ( #27601 )
...
Closes #26657
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Martin Bartoš
c5553b46b4
Update Welcome page image in docs
...
Closes #27719
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-08 15:00:36 +01:00
rmartinc
dea15e25da
Only add the nonce claim to the ID Token (mapper for backwards compatibility)
...
Closes #26893
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Alexander Schwartz
fa12b14a32
Update docs about when emails for changed credentials are sent
...
Closes #27620
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-07 07:16:16 +01:00
Alexander Schwartz
2199d37879
Add multi-site active-passive support to the release notes ( #27575 )
...
Closes #27573
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:59:22 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs ( #27418 )
...
Closes #27416
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:32:06 +01:00
Pedro Igor
d12711e858
Allow fetching roles when evaluating role licies
...
Closes #20736
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Alexander Schwartz
aec6020750
URL change as liquibase.org now redirects
...
Closes #27540
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-05 13:24:12 +01:00
Stian Thorgersen
d48ef8b507
Added release notes for 24.0.1 ( #27524 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-05 08:46:10 +01:00
Stian Thorgersen
d875a8f2b7
Delete broken images from release notes ( #27492 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-04 12:47:03 +01:00
Lucy Linder
84d48a9877
Update documentation for reCAPTCHA support
...
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
Marek Posolda
f1e7c572da
Release notes 24: default password hashing updates ( #27475 )
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-04 09:55:03 +01:00
AndyMunro
14a12d106a
Edit Keycloak 23.x release notes
...
Closes #27440
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:20:58 +01:00
AndyMunro
405feb0bc2
Edit Keycloak 24 changes chapter
...
Closes 27452
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:11:35 +01:00
Steven Hawkins
c2596849f9
doc: adding a note about not conflicting with built-in stuff ( #27214 )
...
closes : #24459
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-01 14:34:16 +01:00
Václav Muzikář
3e3cb2222d
Deprecate GELF ( #27367 )
...
Closes #27364
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-29 12:07:28 +01:00
Takashi Norimatsu
3db04d8d8d
Replace Security Key with Passkey in WebAuthn UIs and their documents
...
closes #27147
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Marek Posolda
8dd0eb451d
Additional release notes for Keycloak 24 ( #27339 )
...
closes #27142
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-29 08:43:22 +01:00
Alexander Schwartz
3950b4ed46
Cleaning old product documentation from the upstream documentation
...
Closes #27324
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 13:30:39 +01:00
AndyMunro
941e7cc3a5
notes about access and refresh tokens
...
Closes #26919
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 12:12:48 +01:00
AndyMunro
ca0526f54d
Edit Keycloak 24 release notes
...
Closes #27326
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 10:43:17 +01:00
Alexander Schwartz
6de61f61f0
Adding missing explicit IDs for cross-references
...
Closes #27316
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 08:37:52 +01:00
Gilvan Filho
83af01c4c0
Add failedLoginNotBefore to AttackDetectionResource
...
Closes #17574
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-02-26 09:35:51 +01:00
Pedro Igor
b98e115183
Updating docs and account message
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-22 22:58:22 +09:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890
Supporting OAuth 2.1 for public clients
...
closes #25316
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35
Supporting OAuth 2.1 for confidential clients
...
closes #25314
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 ( #26318 )
...
Closes #26122
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-02-21 13:42:33 -05:00
Alexander Schwartz
3b6886d970
Add warning about too long attribute values as it can exhaust caches ( #27126 )
...
Closes #27125
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:47:58 +01:00
Václav Muzikář
33425dacd9
Add proxy-headers
option to the Keycloak CR ( #27092 )
...
Closes #25179
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 12:19:37 +01:00
Václav Muzikář
de60c9b469
Tweak the default memory request and limit in the Operator ( #27170 )
...
Closes #27169
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 10:03:17 +01:00
Takashi Norimatsu
1bdbaa2ca5
Client policies: executor for validate and match a redirect URI
...
closes #25637
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd
Change Open ID Connect to OpenID Connect in UI and docs
...
Closes #27093
Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2024-02-19 17:01:57 +01:00
Takashi Norimatsu
849a920955
Rename Resident key to Discoverable Credential
...
closes #9508
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-19 14:12:15 +01:00
Marek Posolda
d8ab12eab7
Release notes for Keycloak 24 with OIDC contributions ( #27047 )
...
closes #25729
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-16 08:34:20 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Martin Bartoš
59007844d9
Supported option to specify resource management for pods in Keycloak CR ( #26661 )
...
Closes #26456
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-15 13:38:41 +01:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Marek Posolda
16fca0118e
User profile - release notes and more migration instructions ( #27003 )
...
closes #26917
closes #26932
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:14:16 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations ( #27020 )
...
closes #26816
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:11:44 +01:00
Joshua Sorah
b81233a4af
[docs] Align OAuth 2.0 Security Best Current Practice links ( #24706 )
...
Closes keycloak/keycloak#24705
Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2024-02-13 13:53:56 +01:00
Pedro Igor
750bc2c09c
Reviewing references to user attribute management and UIs
...
Closes #26155
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 16:01:34 +01:00
mposolda
7af753e166
Documentation for AIA
...
closes #25569
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-12 09:42:34 +01:00
Thomas Darimont
93fc6a6c54
Shorter lifespan for offline session cache entries in memory
...
Closes #26810
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
stianst
d2f74dd83d
Fix anchors in securing apps guide in prod profile
...
Closes #26853
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-09 12:31:30 +01:00
Pedro Igor
b91ad23b20
Update theme documentation about the considerations when deploying custom themes ( #26885 )
...
Related #23907
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-09 04:21:54 +01:00
Steven Hawkins
77581d2527
fix: change from operator. to kc.operator. keys ( #26414 )
...
closes #12352
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-08 15:03:20 +01:00