Commit graph

919 commits

Author SHA1 Message Date
Ryan Emerson
db14ab1365
Refactor HA guide to refer to generic multi-site deployments
Old Active/Passive guides replaced with Active/Active architecture, but
A/P vs A/A distinction hidden from users in favour of generic multi-site
docs.

Closes #31029

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-08-07 08:22:59 +00:00
Tero Saarni
62fd969fe1
Allow requests from local IPv6 addresses
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).

Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.

Closes #30678

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-08-05 16:38:55 +02:00
rmartinc
942d5d0aa3 Convert chapter planning for securing applications and services to guides
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-01 16:45:56 +02:00
Giuseppe Graziano
adb2af442a
Move token exchange documentation to guides (#31707)
Closes #31334


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-07-30 21:04:05 +02:00
Giuseppe Graziano
a3c9944610
Move Keycloak JavaScript adapter to guides (#31751)
Closes #31695


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-07-30 18:39:33 +02:00
rmartinc
b07b120f2a Convert chapter client registration CLI from securing apps into guides
Closes #31333

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:30:46 +02:00
rmartinc
b2b27f8a4e Convert chapter client registration service from securing apps into guides
Closes #31332

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:30:46 +02:00
Giuseppe Graziano
e1266c2678 Move mod-auth-openidc.adoc to guides
Closes #31697

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-30 18:23:40 +02:00
Peter Zaoral
07cfdac862
Document admin bootstrapping and recovery
Closes: #30011

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-07-30 15:45:56 +02:00
Giuseppe Graziano
ca2b6dc754 Move Node.js adapter to guides
Closes #31696

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-30 11:29:51 +02:00
Marek Posolda
5b52117351
Documentation for Delete Credential action and related changes (#31719)
closes #31718


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-07-30 10:05:14 +02:00
Giuseppe Graziano
c3019fb2d3
Move oidc documentation to guides (#31627)
Closes #31329

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-30 09:46:14 +02:00
Steven Hawkins
6a91436746
enhance: add bootstrap admin handling to the operator (#31646)
switching to manual invocation of statefulset reconciliation

closes: #30004



* Update docs/guides/operator/advanced-configuration.adoc




* enhance: add bootstrap admin handling to the operator

closes: #30004



---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-07-29 14:08:31 +02:00
Steven Hawkins
22f8e5cdf0
Added field to the RealmImport spec to replace environment variables within the realm import (#31232)
* Added field to the RealmImport spec to replace environment variables within the realm import

Closes #26470

Signed-off-by: stustison <scott.tustison@gmail.com>

* Added field to the RealmImport spec to replace environment variables within the realm import

Closes #26470

Signed-off-by: stustison <scott.tustison@gmail.com>

* testing refinement for placeholder handling

closes: #26470

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* changing from placeholdersecret to placeholder

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/operator/realm-import.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* Update docs/documentation/release_notes/topics/26_0_0.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: stustison <scott.tustison@gmail.com>
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: stustison <scott.tustison@gmail.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-07-29 11:16:09 +02:00
rmartinc
e97ffe7a32 Convert chapter docker registry from securing apps into guides
Closes #31331

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-26 15:39:51 +02:00
Alexander Schwartz
227c71f7f0
Persisting revoked access tokens
Closes #31296

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-26 11:46:14 +02:00
Václav Muzikář
6f62e6768c Revert "operator bootstrap admin handling (#30711)"
This reverts commit 3139b82e3c.
2024-07-26 10:02:13 +02:00
rmartinc
e30230488e Convert chapter mod_auth_mellon from securing apps into guides
Closes #31569

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-24 21:16:49 +02:00
Pedro Igor
f4b1a5ca88 Updating docs
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-24 15:12:16 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
2024-07-24 15:12:16 -03:00
Steven Hawkins
3139b82e3c
operator bootstrap admin handling (#30711)
* enhance: add bootstrap admin handling to the operator

closes: #30004

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/operator/advanced-configuration.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* enhance: add bootstrap admin handling to the operator

closes: #30004

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-07-24 17:35:13 +02:00
rmartinc
9f2eddead8 Re-add notes about not supporting DPoP and holder-of-key in the remaining adapters
Closes #30874

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-24 11:55:47 +02:00
rmartinc
ccab30d5f2 Move saml documentation to guides
Closes #31330

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-24 11:50:24 +02:00
Thomas Darimont
dbd4079f92
Allow users to customize the footer of a login theme (#31391)
Closes  #31390

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-07-23 09:29:38 +02:00
Martin Kanis
fdc35919a0 Wrong command in exposing metrics from caches section
Closes #31413

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-07-19 09:19:31 +02:00
Steven Hawkins
14a9927e29
fix: scaling and tuning getting started guide
closes: #29388

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-07-18 13:31:37 +00:00
Hynek Mlnarik
a7374f92be Update login theme to login v2
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-18 14:33:22 +02:00
rmartinc
764ef4831a Release notes and some notes for JavaKeystoreProvider changes
Closes #31226

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-17 10:44:45 +02:00
Stian Thorgersen
865c2dabea
Update themes.adoc (#31362)
Closes #30816

Signed-off-by: Stian Thorgersen <stianst@gmail.com>
2024-07-17 10:32:45 +02:00
Pedro Ruivo
9b39498085
Add default stack in cache-ispn.xml
A bug in Infinispan prevents the metrics to be registered if the "stack"
is not specified.
Change the default configuration shipped with Keycloak to use the UDP
stack as default.
UDP is the default in previous Keycloak versions.

Fixes #31218

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-16 12:05:38 +02:00
Thomas Darimont
e79d10e71e
Add missing user event translations to admin-ui
Fixes #27677

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-12 10:04:57 +02:00
Steven Hawkins
4970a9b729
fix: deprecate KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD
closes: #30658

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-07-11 18:07:57 +02:00
rmartinc
e80c3fee9b Change link to https://github.com/eclipse/microprofile/wiki/JWT_Auth
Closes #31219

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 18:03:57 +02:00
Steve Hawkins
9247029ca3 fix: removes the operator's usage of the v1 proxy option
closes: #30945

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-11 14:21:50 +02:00
rmartinc
096e335a92 Support for vault and AES and HMAC algorithms to JavaKeystoreKeyProvider
Closes #30880
Closes #29755

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 12:40:45 +02:00
Lucy Linder
0f7c2364f0 Update links in ReCAPTCHA doc
Google links changed and are now causing redirect issues reports.

Closes: #31187

Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-07-11 00:27:09 +02:00
Martin Kanis
922eaa9fc8
Disable username prohibited chars validator when email as username is… (#31140)
* Disable username prohibited chars validator when email as the username is set

Closes #25339

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-10 09:46:24 -03:00
rmartinc
ce195b81f8 Improve consent deletion when a realm is removed
Closes #30992

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-10 09:44:42 +02:00
Gilvan Filho
a918eb1e30 Fix user storage spi jpa quickstart description
Closes #30941

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-07-08 14:44:41 +02:00
Pedro Igor
1a8075d62a Update migration and upgrade guides about GroupRemovedEvent no longer fired when removing a realm
Closes #30919

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-05 10:14:30 +02:00
Pedro Igor
b745ac8259 Documenting LDAP connection pooling
Closes #30995

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-07-04 13:21:47 +02:00
Diego Garcia Lozano
2ff0d4e4f8
Update caching docs to match breaking changes in v25
In the latest Keycloak version (v25.0.1) the cache options are not build options anymore. They now have to be provided during runtime.

Closes #31050

Signed-off-by: Diego Garcia Lozano <diegogarcialozano95@gmail.com>
2024-07-04 11:54:32 +02:00
Steven Hawkins
a7ae90cbb6
fix: adds affinity and other scheduling to the operator (#29977)
closes: #29258

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-07-03 20:07:03 +02:00
Pedro Aguiar
2316b8d82a
update: fix typo in hostname.adoc (#31007)
- `proxy_name` becomes `project_name`.

Signed-off-by: Pedro Aguiar <contact@codespearhead.com>
2024-07-02 16:50:38 +00:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
Peter Zaoral
add45a25a8
Add default CPU limit/request for the operator (#30601)
Closes: #27432

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-07-01 15:12:43 +02:00
Christoph Schulz
657aff787f
Add missing comma to (#30914)
Signed-off-by: Christoph Schulz <mail@ciis0.de>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2024-06-28 13:13:13 +00:00
Václav Muzikář
bce7a29035
Document how Admin REST API endpoints work with Hostname config
Closes #30537

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-06-28 09:31:41 +02:00
Stan Silvert
a1445cd93f
Minor doc fix. (#30899)
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-06-27 16:18:32 -04:00
andymunro
30264c7dd4
Remove inclusive language foreword
Closes #30856

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-27 15:22:03 +02:00
MWarnecke
c5fc9f2962
Use provided scope for maven-plugin dependencies
* use provided scope for maven dependencies

As the maven-plugin-plugin suggests, dependencies to the maven runtime
should be in provided scope.

This gets rid of the according warning which was written during build.

Before Maven 3.9, plexus-utils was injected in the classpath at runtime.
As of Maven 3.9 this is not the case anymore which broke the plugin due
to a usage of said dependency. The only usage is replaced by a visitor
to copy files.

Closes #30542

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>

* Guides need to see maven's Log class

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>

---------

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
2024-06-27 09:50:19 +02:00
Martin Bartoš
0a888512a8
New operator failing on health checks (#30709)
Closes #30355

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-06-26 15:46:48 +00:00
Martin Bartoš
30fdba00b5
Describe mTLS overrides for the management interface (#30735)
Closes #30094

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-06-26 12:02:36 +02:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Steven Hawkins
1983bfc9b1
docs: remove reference to features-disabled=default (#30612)
closes: #29761

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-25 11:08:45 +02:00
rmartinc
e9c9efc3f4 Upgrade bc-fips to 1.0.2.5
Closes #26568
Closes #27884

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-25 11:07:27 +02:00
Andre F de M
0f061a75e2 Issue: 26568 - bcfips version bump and fixes
* bump BCFIPS to 1.0.2.5
               * fix bc-fips related test error
               * remove unused imports

               Closes: #26568

Signed-off-by: Andre F de M <trixpan@users.noreply.github.com>
2024-06-25 11:07:27 +02:00
Nikolai Prokoschenko
1019af91c9
Fix typo in importExport.adoc (#30731)
Signed-off-by: Nikolai Prokoschenko <nikolai.prokoschenko@kurzdigital.com>
2024-06-25 08:07:05 +00:00
Douglas Palmer
54f4ab50f0 Broken external links
Closes #30717

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 09:55:50 +02:00
julien-sarik
dd7e82cd16
Fix usage of management port in the documentation (#30653)
Health and metrics endpoints are documented as being served on port 8443 instead of 9000 in [the guide about Running Keycloak in a container](https://www.keycloak.org/server/containers#_starting_the_optimized_keycloak_container_image).

Closes #30652

Signed-off-by: julien <julien.sarik@gmail.com>
2024-06-21 12:59:13 +00:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Igor
a0ad680346 Adding an alias to organization and exposing them to templates
Closes #30312
Closes #30313

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-20 14:36:14 -03:00
Jon Koops
77fb3c4dd4
Use correct host URL for Admin Console requests (#30535)
Closes #30432

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-19 15:21:53 +02:00
Pedro Ruivo
c48e7bc24c Update to Infinispan 15.0.5.Final
Closes #30557

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 11:50:24 +02:00
CARBONNEAUX Mathieu
acf79b81c7
add RS256 algorithm to webauthn default policy (#30528)
closes #28020 

Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>
2024-06-19 10:16:46 +02:00
Pedro Ruivo
5c0dddd837 Batch cluster events
Sending multiple events in a single network request should minimize
latency and traffic.

Closes #30445

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-14 21:14:22 +02:00
Thibault Morin
f6fa869b12
feat(SAML): add Artifact Binding on brokering scenarios when Keycloak is SP (#29619)
* feat: add Artifact Binding on brokering scenarios when Keycloak is SP

Signed-off-by: tmorin <git@morin.io>

* Adding broker test and minor improvements

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing IdentityProviderTest

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Renaming methods related to idp initiated flows

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

* Fixing partial_import_test.spec.ts

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: tmorin <git@morin.io>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-14 08:54:49 -03:00
Wim Deblauwe
cc00566fae
Add missing space (#30394)
* Add missing space

Fix the website on https://www.keycloak.org/server/db showing some asciidoc related `ifeval` text

Closes #30417

Signed-off-by: Wim Deblauwe <wim.deblauwe@gmail.com>

* Review and rework for grammar and syntax

Closes #30417

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

---------

Signed-off-by: Wim Deblauwe <wim.deblauwe@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-14 09:17:17 +02:00
Pedro Ruivo
18a6c79011
Infinispan Protostream Marshaller (#29474)
Closes #29394

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-06-13 18:02:46 +02:00
Lukas Hanusovsky
ca0833b2e4
[#29412] DB Allocator removal - dependency cleanup. (#30406)
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
2024-06-13 13:31:52 +00:00
Kohei Tamura
d96967682b
Improve procedure for handling open transactions (#29748)
Signed-off-by: k-tamura <ktamura.biz.80@gmail.com>
2024-06-12 23:21:24 +02:00
Martin Bartoš
04b16a914c Remove link to management interface guide from ignored links in docs
Closes #28475

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-06-12 11:50:21 +02:00
daviddelannoy
d4fc5249c4
fix label error for persistent-user-sessions feature flag in documentation
Closes #30368

Signed-off-by: daviddelannoy <16318239+daviddelannoy@users.noreply.github.com>
2024-06-12 09:32:10 +00:00
Václav Muzikář
375ea9da03
Enhance masking around config-keystore (#30348)
Closes #30346

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-06-12 08:54:45 +02:00
Pedro Igor
e6df8a2866 Allow multiple instances of the same social broker in a realm
Closes #30088

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-11 12:44:10 -03:00
Pedro Igor
22da43c619
Fixing broken link (#30299)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-10 15:22:48 +02:00
MWarnecke
0c6558612f
Enhance documentation regarding edge termination (#30170)
Closes #29665

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
2024-06-10 07:47:20 +00:00
Pedro Igor
c35bf11b1b
Adding organization section (#29796)
Closes #28731

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-10 09:08:50 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966)
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Steven Hawkins
5059a02eb2
fix: minor refinements to collection utils (#29536)
closes: #29535

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 10:07:34 -04:00
Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables (#29430)
closes: #21961

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 13:08:23 +00:00
Marek Posolda
79c8c80058
Example for X.509 direct grant flow authentication (#30203)
closes #29639

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-06 11:58:09 +02:00
Erik Jan de Wit
5897334ddb
Align environment variables between consoles (#30125)
* change to make authServerUrl the same as authUrl

fixes: #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Remove `authUrl` entirely

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Remove file that is unrelated

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Split out and align environment variables between consoles

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Restore removed variables to preserve backwards compatibility

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Also deprecate the `authUrl` for the Admin Console

Signed-off-by: Jon Koops <jonkoops@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-06-06 08:36:46 +02:00
Giuseppe Graziano
d5e82356f9 Encrypted KC_RESTART cookie and removed sensitive notes
Closes #keycloak/keycloak-private#162

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Marek Posolda
193439788e
Release notes for support application/jwt response in token introspec… (#30105)
closes #30104

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-04 06:49:13 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518)
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-06-03 14:17:28 +02:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box (#29895)
Closes: #29491

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-31 17:21:19 +00:00
Alexander Schwartz
af23150343 Fixing typo in the upgrading guide for persistent sessions
Closes #30028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-31 13:18:34 +02:00
Miquel Simon
2c521bd64d Upgrade supported PostgreSQL to version 16
Closes #29875

Signed-off-by: Miquel Simon <msimonma@redhat.com>
2024-05-29 16:31:40 +02:00
Marek Posolda
336b2c875f
Update release notes for Keycloak 25 (#29894)
closes #29576

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 14:19:17 +02:00
mposolda
37c10b4d43 Improve documentation for the case when 'basic' client scope already exists
closes #29880

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-29 13:32:05 +02:00
Ryan Emerson
5788263413
Document Failover Lambda for Active/Passive deployments
Closes #29787

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 12:33:13 +02:00
Michal Hajas
61d0d56720
Document it is not possible to use rolling configuration upgrade for enabling persistent sessions
Closes #29561

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-29 10:19:20 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Jon Koops
a3b2dd0735
Remove deprecated ServerCookie class (#29916)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 14:14:05 +00:00
Ryan Emerson
0f17f0abc5
Require external Infinispan be of version 15 or greater
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 11:26:26 +00:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication (#29735)
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-21 19:46:27 +02:00
Pedro Ruivo
7182bc2125 Infinispan 15.0.4.Final
Closes #29743

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-21 16:47:26 +02:00
Bruno Oliveira da Silva
4a21b44b5f Add documentation about how to handle CVEs on third-party libraries reported by Snyk
Closes #29707

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2024-05-21 09:08:18 -03:00
mposolda
bbd4b60163 Update documentation after adapters removal
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-21 09:34:48 +02:00
Alex Szczuczko
34a61d72e5
Add chmod to ADD examples in docs (#29626)
Closes #29625

Signed-off-by: Alex Szczuczko <aszczucz@redhat.com>
2024-05-17 09:15:37 +02:00
vramik
35df0140ee Add a note to the migration guide about index name length for Oracle database
Closes #29594

Signed-off-by: vramik <vramik@redhat.com>
2024-05-16 10:06:39 -03:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305)
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
Alexander Schwartz
8deca303e2
Update instruction on how to enable persistent sessions (#29490)
Closes #29489

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 13:26:51 +02:00
Robin Meese
87086ddb63
Add translation.md for Weblate.org
Closes #29548

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 11:37:38 +02:00
Kamesh Akella
1d613d9037
Argon2 release notes and sizing guide update
Closes #29033

Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-14 17:40:51 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
christian2
e200ccfa53 Fix URL endpoint for Docker registry v2 authentication
Closes #29132

Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-05-13 13:51:06 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
mruzicka
6864ee0ead
doc: Quarkus launch rebuild optimization (#28320)
Suggest a command which performs the update of the class loading indices
only once.
Closes #28336
Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-05-10 12:28:38 +02:00
AndyMunro
4a5055c3cc Update create realm topics to replace Master
Closes #29280

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-05-08 17:37:20 +02:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Nathan Raj
8ff1ae0c08
Update stack-overflow.adoc (#29363)
Corrected capitalisation for heading
2024-05-08 16:06:33 +02:00
Thore
4b194d00be iso-date validator for the user-profile
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.

Closes #11757

Signed-off-by: Thore <thore@kruess.xyz>
2024-05-07 11:42:39 -03:00
Pedro Igor
d2c5fc86a9 Additional note on release and upgrade guides about partial update on user attributes
Closes #28220

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:59:38 -03:00
Steven Hawkins
c18a68b4e3
docs: add an initial note about sizing to each of the install guides (#29330)
closes: #14188

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-07 08:01:09 +00:00
AndyMunro
eb9b19abe9 Corrections to HA Guide
Closes #29183

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-05-06 17:00:54 +02:00
Dimitri Papadopoulos Orfanos
9db1443367
Fix typos found by codespell in docs (#28890)
Run `chmod -x` on files that need not be executable.

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-03 12:41:16 +00:00
Douglas Palmer
26eaa4f83f Broken link in documentation
Closes #29233

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-02 15:29:56 -03:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Steven Hawkins
3b1ca46be2
fix: updating docs around -q parameter (#29151)
closes: #27877

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-02 16:48:43 +02:00
Douglas Palmer
8d4d5c1c54 Remove redundant servers from the testsuite
Closes #29089

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-30 17:39:32 +02:00
Alexander Schwartz
99cb437dc7 Fix product name usage for downstream documentation
Closes #29154

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-29 18:05:00 +02:00
Jon Koops
a6e2ab5523 Remove jaxrs-oauth-client and OIDC servlet-filter adapters
Closes #28784

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a Remove JAAS login modules
Closes #28789

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
eae20c76bd Remove KeycloakInstalled
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28790
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf Remove servlet filter saml adapters
Closes #28786

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
3e13b40648 Remove Spring adapters
Closes #28780

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
bf2c97065f Remove SpringBoot adapters
Closes #28781

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091 Remove Tomcat OIDC adapter
Closes #28778

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0 Remove Tomcat SAML adapter
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28783
2024-04-26 09:30:35 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
rmartinc
eac4b53751 Incorrect proxyMappings example in the guides
Closes #25514

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-22 18:30:41 +02:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393)
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Alexander Schwartz
9d0b1ecee4 Review CLI option change for caching
Closes #28750

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review (#28889)
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>

#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106 Emphasize the need for setting container limit
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Thomas Darimont
eb2936f655 Add note about using groups with transient-users
Document an additional approach for managing user-roles for transient-users via groups.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs (#28123)
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc

Closes: #27729

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 (#28621)
Closes #27730

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli (#28276)
* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
2024-04-15 08:49:37 +02:00