Pedro Ruivo
3de5357091
CLI options to disable encryption and authentication to external Infinispan
...
Closes #28750
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070
Remove deprecated EnvironmentDependentProviderFactory.isSupported method
...
Closes #26280
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review ( #28889 )
...
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access ( #131 ) ( #28872 )
...
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134
Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106
Emphasize the need for setting container limit
...
Closes #28729
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Thomas Darimont
eb2936f655
Add note about using groups with transient-users
...
Document an additional approach for managing user-roles for transient-users via groups.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
rmartinc
ddacfbdefd
Remove deprecated LinkedIn social provider
...
Closes #23127
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs ( #28123 )
...
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc
Closes : #27729
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 ( #28621 )
...
Closes #27730
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9
Limit the concurrency of password hashing to the number of CPU cores available
...
Closes #28477
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli ( #28276 )
...
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* fix: replaces aesh with picocli
closes : #28275
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939
Deny list lower cases all passwords when loading from file
...
Closes #28381
We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.
Signed-off-by: Christopher Miles <twitch@nervestaple.com>
2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper ( #28663 )
...
closes #28661
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime ( #28542 )
...
Closes #27549
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289
Escape slashes in full group path representation but disabled by default
...
Closes #23900
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Niko Köbler
67e4015f67
improve doc for transient users
...
adding a note to pay attention especially to the default-roles
Signed-off-by: Niko Köbler <niko@n-k.de>
2024-04-12 10:50:30 +02:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… ( #28622 )
...
closes #28460
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 20:02:33 +02:00
Jon Koops
9b94b6f47e
Add release notes for changes to Account and Admin consoles ( #28545 )
...
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-11 08:42:08 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… ( #28595 )
...
closes #27879
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 08:18:41 +02:00
Giuseppe Graziano
33b747286e
Changed userId value for refresh token events
...
Closes #28567
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Václav Muzikář
33f580daa4
Hostname v2 for Operator ( #28599 )
...
Closes #27728
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-10 18:56:47 +02:00
Giuseppe Graziano
c76cbc94d8
Add sub via protocol mapper to access token
...
Closes #21185
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
Martin Bartoš
b2c88e9876
docs: Support management port for health and metrics ( #28213 )
...
Relates to #19334
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 14:33:30 +02:00
Alexander Schwartz
3ba9a905c9
Provide histograms for http server metrics
...
Closes #28178
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 12:52:42 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies ( #28467 )
...
Closes #28465
Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Steve Hawkins
9afe3a2560
fix: changing max threads default
...
closes : #17483
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-09 12:14:56 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 ( #26345 )
...
* Hostname SPI v2
Closes : #26084
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comment
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Partially revert the previous fix
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Do not polish values
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Remove filtering of denied categories
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
Martin Bartoš
9c1790af68
Enable Syslog log handler ( #28462 )
...
* Enable syslog log handler
Closes #27544
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Suggest an alternative to GELF
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-08 17:38:20 +02:00
Pedro Igor
52ba9b4b7f
Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
...
Closes #28248
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Giuseppe Graziano
b4f791b632
Remove session_state from tokens
...
Closes #27624
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
Stian Thorgersen
b9feaec38e
Ignore all links to GitHub when checking external links in docs due to rate limiting issues ( #28472 )
...
Closes #28330
Signed-off-by: stianst <stianst@gmail.com>
2024-04-05 15:36:38 +02:00
Pedro Igor
8fb6d43e07
Do not export ids when exporting authorization settings
...
Closes #25975
Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Ryan Emerson
71eacdc1c5
Update HA Guide now that non-XA mode is the default. Fixes #28142
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-04-04 13:15:42 +02:00
Ryan Emerson
9bf131b5fb
HA guide erroneously refers to AWS Global Accelerator. Fixes #28174
...
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-04-04 13:15:42 +02:00
Alexander Schwartz
c1a471755d
Fix lists to be rendered as expected
...
Closes #28377
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-04 11:16:57 +02:00
Alexander Schwartz
1d204e77a4
Fix source highlighting for log output ( #28375 )
...
Closes #28374
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-03 08:32:48 +02:00
Clemens Zagler
b44252fde9
authz/client: Fix getPermissions returning wrong type
...
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this
Closes #16520
Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2
New default client scope for 'basic' claims with 'auth_time' protocol mapper
...
Closes #27623
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli ( #27458 )
...
* fix: replace aesh with picocli
closes : #27388
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
* splitting the error handling for password input
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* adding a change note about kcadm
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-03-28 14:34:06 +01:00
Gilvan Filho
757c524cc5
Password policy for not having username in the password
...
closes #27643
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Alexander Schwartz
305dd5812e
Make use of attributes consistent between old docs and new guides
...
Closes #28215
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-26 17:07:54 +01:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm ( #28162 )
...
Closes #28161
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 13:04:14 +00:00
rmartinc
d4da0c816c
Upgrading note to warn truststore changes affect webauthn registration
...
Closes #28113
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 10:58:48 +01:00
Steven Hawkins
619775b8db
fix: simplifies the parsing routine, which accounts for leading 0's ( #28102 )
...
closes : #27839
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-22 09:19:52 +01:00
Steven Hawkins
6cc66109d5
doc: add keycloak cr truststores ( #28015 )
...
closes : #27892
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-22 08:27:15 +01:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI ( #28135 )
...
Closes #28134
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:45:08 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider ( #28031 )
...
Closes #28030
Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
andymunro
8602b4f9cf
Edits to Operator Guide
...
Closes #28009
Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-21 17:44:44 +00:00
Steven Hawkins
cbe185fbab
doc: add a note about lack of other JAX-RS support ( #28048 )
...
closes : #27057
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:59:22 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options ( #26833 )
...
closes : #24893
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Alexander Schwartz
c4fdf1cee7
Enable HTTP metrics for Keycloak by default ( #28088 )
...
Closes #27924
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-21 16:18:03 +01:00
Steve Hawkins
91c89c28e7
fix: changes xa transaction related defaults
...
xa is not enabled by default
recovery is enabled by default
closes #27308
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:01:19 +01:00
Sebastian Schuster
0542554984
12671 querying by user attribute no longer forces case insensitivity for keys
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Pedro Ruivo
2387549308
Upgrade Infinispan to 14.0.27.Final
...
Closes #28033
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-03-19 11:18:42 +01:00
Alexander Schwartz
fbdb2ed9f7
Updated performance impact due to changed hashing
...
Fixes #27900
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-19 09:30:49 +01:00
AndyMunro
d61b1ddb09
Edit use of Keycloak in Server Admin Guide
...
Closes #27955
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-18 09:51:55 +01:00
AndyMunro
0e5d685cd3
Revise use of Keycloak term
...
Closes #27953
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-18 09:50:26 +01:00
Alexander Schwartz
4bbe4705d4
Remove http metrics from the docs as they are not available in the current release ( #27926 )
...
Fixes #27925
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 17:57:56 +01:00
Alexander Schwartz
62d24216e3
Remove offline session preloading
...
Closes #27602
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Stian Thorgersen
2bddfe7380
Remove log4j from documentation tests ( #27929 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-15 15:06:24 +01:00
AndyMunro
e40227fa50
Address comments on Securing Apps
...
Closes #27867
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-15 13:04:05 +01:00
Stian Thorgersen
81f3f211f3
Delete all deprecated and unmaintained examples ( #27855 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-15 07:24:20 +01:00
Steven Hawkins
1cc1911ec3
doc: adding a note about repairing a corrupted classloading index ( #27906 )
...
relates to: #26396
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-14 16:47:07 +01:00
larsw
42244d2a67
doc/token-exchange.adoc: issuer claim -> iss claim ( #27018 )
...
Fixed a typo in the text.
2024-03-14 13:37:40 +01:00
Pedro Ruivo
a5634b201c
Use new remote-store options in HA guides
...
Fixes #27508
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-14 12:47:35 +01:00
andymunro
be29be6741
Edit Keycloak 23 part of Upgrading Guide
...
Closes #27484
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-14 11:03:58 +01:00
mposolda
1f80f561db
Update version of bctls-fips in the docs
...
closes #27882
Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-14 08:58:34 +01:00
Stefan Guilhen
be6f0bc520
Add a section on the admin console partial import/export capability
...
Closes #25490
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-14 08:50:54 +01:00
Alexander Schwartz
1788cf2b09
Enable Infinispan metrics automatically if overall metrics are enabled
...
Closes #27724
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 18:55:45 +01:00
Ryan Emerson
a32808e8eb
Upgrade to Infinispan 14.0.26.Final
...
Closes #27871
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 17:24:20 +00:00
Alexander Schwartz
6de5325d1c
Limit the received content when handling the content as a String
...
Closes #27293
Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 16:43:03 +01:00
Steven Hawkins
e22148043b
doc: mention that the split package warning may not happen ( #27789 )
...
closes : #26396
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-13 14:57:20 +01:00
Stian Thorgersen
1f772d2957
Move authenticator example to quickstarts ( #27850 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-13 11:52:29 +00:00
stianst
15717cc152
Remove deprecated cookie code
...
Closes #26813
Signed-off-by: stianst <stianst@gmail.com>
2024-03-12 17:24:14 +01:00
Alexander Schwartz
967ceddfbb
Fixing downstream documentation build ( #27781 )
...
Closes #27780
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-12 08:37:41 +01:00
andymunro
66cffca3d4
Simplify Upgrade Guide structure
...
Closes #27632
Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-11 16:22:46 +01:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module ( #27601 )
...
Closes #26657
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Martin Bartoš
c5553b46b4
Update Welcome page image in docs
...
Closes #27719
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-08 15:00:36 +01:00
Martin Bartoš
e4aa1b5f95
Conditionally enable and disable CLI options ( #25333 )
...
* Conditionally enable and disable CLI options
Closes #13113
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Support for duplicates in config
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix rendering config options in docs
Fixes #26515
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Reorder OptionsDistTest
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-07 20:36:43 +00:00
rmartinc
dea15e25da
Only add the nonce claim to the ID Token (mapper for backwards compatibility)
...
Closes #26893
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Alexander Schwartz
fa12b14a32
Update docs about when emails for changed credentials are sent
...
Closes #27620
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-07 07:16:16 +01:00
Václav Muzikář
43727aa10f
Clarify format of keys in additionalOptions
field in the Keycloak CR ( #27435 )
...
Closes #27433
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-03-06 17:10:41 +01:00
Alexander Schwartz
2199d37879
Add multi-site active-passive support to the release notes ( #27575 )
...
Closes #27573
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:59:22 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs ( #27418 )
...
Closes #27416
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:32:06 +01:00
Pedro Igor
d12711e858
Allow fetching roles when evaluating role licies
...
Closes #20736
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Alexander Schwartz
aec6020750
URL change as liquibase.org now redirects
...
Closes #27540
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-05 13:24:12 +01:00
Ryan Emerson
244ecd45a7
Upgrade to Aurora Postgres 15.5
...
Closes #27509
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-03-05 10:29:20 +01:00
Stian Thorgersen
d48ef8b507
Added release notes for 24.0.1 ( #27524 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-05 08:46:10 +01:00
Vojtěch Mareš
8230655880
docs(cpu and memory sizing): typo GB -> MB
...
Closes #27504
Signed-off-by: Vojtech Mares <iam@vojtechmares.com>
2024-03-04 16:12:29 +01:00
AndyMunro
a4a6b4f015
Edit HA guide
...
Closes #27481
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-04 13:10:23 +01:00
Stian Thorgersen
d875a8f2b7
Delete broken images from release notes ( #27492 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-03-04 12:47:03 +01:00
Lucy Linder
84d48a9877
Update documentation for reCAPTCHA support
...
Signed-off-by: Lucy Linder <lucy.derlin@gmail.com>
2024-03-04 20:28:06 +09:00
Marek Posolda
f1e7c572da
Release notes 24: default password hashing updates ( #27475 )
...
Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-04 09:55:03 +01:00
AndyMunro
14a12d106a
Edit Keycloak 23.x release notes
...
Closes #27440
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:20:58 +01:00
AndyMunro
405feb0bc2
Edit Keycloak 24 changes chapter
...
Closes 27452
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-02 21:11:35 +01:00
Michal Hajas
87993905c8
Minor HA guide fixes ( #27436 )
...
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-03-01 20:28:59 +01:00
Steven Hawkins
c2596849f9
doc: adding a note about not conflicting with built-in stuff ( #27214 )
...
closes : #24459
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-01 14:34:16 +01:00
Václav Muzikář
3e3cb2222d
Deprecate GELF ( #27367 )
...
Closes #27364
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-29 12:07:28 +01:00
Takashi Norimatsu
3db04d8d8d
Replace Security Key with Passkey in WebAuthn UIs and their documents
...
closes #27147
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-29 10:31:05 +01:00
Marek Posolda
8dd0eb451d
Additional release notes for Keycloak 24 ( #27339 )
...
closes #27142
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-29 08:43:22 +01:00
Michal Hajas
d7c6464ad6
Update the HA guide with the workaround for ISPN-15758
...
Closes #27353
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:56:15 +00:00
Vlasta Ramik
ade3b31a91
Introduce new CLI config options for Infinispan remote store
...
Closes #25676
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 15:49:19 +00:00
andymunro
773bebbc2b
Change docker image to container image ( #27317 )
...
Closes #27315
2024-02-28 13:43:26 +01:00
Alexander Schwartz
3950b4ed46
Cleaning old product documentation from the upstream documentation
...
Closes #27324
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 13:30:39 +01:00
AndyMunro
941e7cc3a5
notes about access and refresh tokens
...
Closes #26919
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 12:12:48 +01:00
AndyMunro
ca0526f54d
Edit Keycloak 24 release notes
...
Closes #27326
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-02-28 10:43:17 +01:00
Stian Thorgersen
693aa1710f
Added documentation for bug triage process ( #27227 )
...
Signed-off-by: stianst <stianst@gmail.com>
2024-02-28 09:41:52 +01:00
Alexander Schwartz
6de61f61f0
Adding missing explicit IDs for cross-references
...
Closes #27316
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-28 08:37:52 +01:00
Michal Hajas
eadd1c45c4
Document using AWS JDBC Wrapper in HA guide
...
Closes #27211
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-26 12:15:04 +00:00
Gilvan Filho
83af01c4c0
Add failedLoginNotBefore to AttackDetectionResource
...
Closes #17574
Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-02-26 09:35:51 +01:00
Pedro Igor
b98e115183
Updating docs and account message
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-22 22:58:22 +09:00
Pedro Igor
604274fb76
Allow setting an attribute as multivalued
...
Closes #23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-02-22 12:56:44 +01:00
Takashi Norimatsu
1e12b15890
Supporting OAuth 2.1 for public clients
...
closes #25316
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Douglas Palmer
b0ef746f39
Permanently lock users out after X temporary lockouts during a brute force attack
...
Closes #26172
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-02-22 09:34:51 +01:00
Takashi Norimatsu
9ea679ff35
Supporting OAuth 2.1 for confidential clients
...
closes #25314
Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Alexander Schwartz
25f2b52afd
Remove the preview note from Keycloak's HA guide
...
Closes #27084
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 19:59:15 +01:00
Jon Koops
89af9e3ffd
Write announcement and documentation for Account Console v3 ( #26318 )
...
Closes #26122
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-02-21 13:42:33 -05:00
Alexander Schwartz
5f56a9b356
Keycloak users should not need to understand the depths of Quarkus configuration to implement Keycloak HA ( #27122 )
...
Closes #27121
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:49:14 +01:00
Alexander Schwartz
3b6886d970
Add warning about too long attribute values as it can exhaust caches ( #27126 )
...
Closes #27125
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-21 13:47:58 +01:00
Václav Muzikář
33425dacd9
Add proxy-headers
option to the Keycloak CR ( #27092 )
...
Closes #25179
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 12:19:37 +01:00
Václav Muzikář
de60c9b469
Tweak the default memory request and limit in the Operator ( #27170 )
...
Closes #27169
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-21 10:03:17 +01:00
Takashi Norimatsu
1bdbaa2ca5
Client policies: executor for validate and match a redirect URI
...
closes #25637
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd
Change Open ID Connect to OpenID Connect in UI and docs
...
Closes #27093
Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2024-02-19 17:01:57 +01:00
Václav Muzikář
fb49c21f90
Fix docs around --config-file
option ( #27129 )
...
Closes #22540
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-02-19 15:13:09 +01:00
Takashi Norimatsu
849a920955
Rename Resident key to Discoverable Credential
...
closes #9508
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-19 14:12:15 +01:00
Alexander Schwartz
5f797e3e71
Update Keycloak HA Guide new resource limit settings ( #27079 )
...
Closes #27078
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-19 10:41:49 +01:00
Alexander Schwartz
7135b4ec4c
Add Amazon Aurora PostgreSQL to the list of tested databases ( #27049 )
...
Closes #27048
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-19 09:16:49 +01:00
Marek Posolda
d8ab12eab7
Release notes for Keycloak 24 with OIDC contributions ( #27047 )
...
closes #25729
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-16 08:34:20 +01:00
Vlasta Ramik
76453550a5
User attribute value length extension
...
Closes #9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-02-16 08:09:34 +01:00
Martin Bartoš
59007844d9
Supported option to specify resource management for pods in Keycloak CR ( #26661 )
...
Closes #26456
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-15 13:38:41 +01:00
rmartinc
4ff4c3f897
Increase internal algorithm security using HS512 and 128 byte hmac keys
...
Closes #13080
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-02-15 08:16:45 +01:00
Marek Posolda
16fca0118e
User profile - release notes and more migration instructions ( #27003 )
...
closes #26917
closes #26932
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:14:16 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations ( #27020 )
...
closes #26816
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-15 08:11:44 +01:00
Joshua Sorah
b81233a4af
[docs] Align OAuth 2.0 Security Best Current Practice links ( #24706 )
...
Closes keycloak/keycloak#24705
Signed-off-by: Joshua Sorah <jsorah@gmail.com>
2024-02-13 13:53:56 +01:00
Michal Hajas
83f3e91e4f
Use http-pool-max-threads in HA guides
...
Closes #26849
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-13 10:01:59 +00:00
Pedro Igor
750bc2c09c
Reviewing references to user attribute management and UIs
...
Closes #26155
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-12 16:01:34 +01:00
mposolda
7af753e166
Documentation for AIA
...
closes #25569
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-12 09:42:34 +01:00
Thomas Darimont
93fc6a6c54
Shorter lifespan for offline session cache entries in memory
...
Closes #26810
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-02-09 19:44:04 +01:00
stianst
d2f74dd83d
Fix anchors in securing apps guide in prod profile
...
Closes #26853
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-09 12:31:30 +01:00
Pedro Igor
b91ad23b20
Update theme documentation about the considerations when deploying custom themes ( #26885 )
...
Related #23907
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-09 04:21:54 +01:00
Steven Hawkins
77581d2527
fix: change from operator. to kc.operator. keys ( #26414 )
...
closes #12352
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-02-08 15:03:20 +01:00
Michal Hajas
de598577b1
Fix confusing SAML NameId mapper format tooltip
...
Closes #26051
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2024-02-08 11:21:11 +01:00
Stian Thorgersen
cd1e483134
Remove section on adding custom attributes with account v1 and custom themes ( #26858 )
...
Closes #26856
Signed-off-by: stianst <stianst@gmail.com>
2024-02-08 07:28:32 +01:00
Alexander Schwartz
786023fd06
Update HA guide about non-blocking probes ( #26783 )
...
Closes #26781
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 16:16:50 +01:00
Michael Schnitzler
fdfe41bdda
fix documentation for resetting OTP in "reset credentials" flow ( #26834 )
...
The former version stated that the "Reset OTP" step had to be disabled in the "reset credentials" authentication flow in order to keep the OTP unchanged. This leads to an error. More precisely, the "Reset - Conditional OTP" sub-flow has to be disabled.
Fixex #26834
Signed-off-by: Michael Schnitzler <schnitzler.michael+github@gmail.com>
2024-02-07 11:57:58 -03:00
Tero Saarni
ac1780a54f
Added event for temporary lockout for brute force protector ( #26630 )
...
This change adds event for brute force protector when user account is
temporarily disabled.
It also lowers the priority of free-text log for failed login attempts.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-07 14:13:33 +00:00
zak905
bcd423b270
rephrase sentence in changes-22_0_0.adoc for more clarity
...
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
zak905
c7db7bd528
Update custom rest endpoint documentation and example
...
Add a mention about beans.xml and @Provider in the extending server documentation
Add beans.xml in the rest provider example
Add a mention about @Provider in the upgrading guides
Closes #25882
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Address suggested change for docs/documentation/server_development/topics/extensions.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Address suggested change for docs/documentation/server_development/topics/extensions.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
Address suggested change for docs/documentation/upgrading/topics/keycloak/changes-22_0_0.adoc
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: zak905 <zakaria.amine88@gmail.com>
2024-02-07 09:32:43 -03:00
mposolda
ab7426b857
User profile migration documentation for default validations and strange attributes
...
closes #26634
closes #25979
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-06 16:48:03 -03:00
Alexander Schwartz
486b199548
Make label for Keycloak container images configurable
...
Closes #26819
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-06 16:16:00 +01:00
Stian Thorgersen
c4b1fd092a
Use code from RestEasy to create and set cookies ( #26558 )
...
Closes #26557
Signed-off-by: stianst <stianst@gmail.com>
2024-02-06 15:14:04 +01:00
Hynek Mlnarik
c866e8e6f9
Introduce index.ftl into base account theme
...
Fixes : #26487
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-02-06 14:29:07 +01:00
Alexander Schwartz
43c200a8ce
Update migration guide
...
Closes #26490
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-02-05 14:41:44 +01:00
Kamesh Akella
4459ed66ad
update cpu sizing based on the hashing changes
...
Closes #26490
Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
2024-02-05 14:41:44 +01:00
Michal Hajas
80de12d59a
Update HA guides to use the new ISPN config options
...
Closes #26776
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-02-05 11:40:08 +01:00
Pascal Paulis
2785bbd29b
added comment about MySQL Server parameter sql_generate_invisible_primary_key
...
Closes #23268
Signed-off-by: Pascal Paulis <ppaulis@gmail.com>
2024-02-05 10:36:31 +01:00
Pedro Igor
4338f44955
Reviewing the user profile documentation
...
Closes #26154
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-02 17:14:51 +01:00
christian-2
e14b523a8d
Fixes typo in Server Administration guide ( #26543 )
...
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-02-01 19:36:32 +01:00
mposolda
56a605fae7
Documentation for SuppressRefreshTokenRotationExecutor
...
closes #26587
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-01 17:18:50 +01:00
Martin Bartoš
14d97ca9ea
Update Maven dependency versions for docs
...
Update Maven Wrapper version
Closes #26689
Fixes #26686
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-02-01 13:42:25 +01:00
Pedro Igor
3a7ce54266
Allow formating numbers when rendering attributes
...
Closes keycloak#26320
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-02-01 08:14:58 -03:00
Martin Kanis
a3fcacdab7
Map Store Removal: deprecate model legacy module
...
Closes #26598
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-31 17:40:45 +01:00
Steven Hawkins
66e45a335e
doc: noting the formats apply to spi options as well ( #26648 )
...
closes : #26468
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 16:09:47 +00:00
Steven Hawkins
f55e903092
Convert watching to polling and adding infinispan config file support ( #26510 )
...
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-31 12:57:34 +00:00
Alexander Schwartz
c1ae9a0817
Prevent blank after backslash which breaks shell execution ( #26632 )
...
Closes #26631
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-31 13:17:31 +01:00
Stian Thorgersen
bc3c27909e
Cookie Provider ( #26499 )
...
Closes #26500
Signed-off-by: stianst <stianst@gmail.com>
2024-01-26 10:45:00 +01:00
Martin Kanis
7797f778d1
Map Store Removal: Rename legacy modules
...
Closes #24107
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-25 16:29:16 +01:00
Thomas Darimont
e7363905fa
Change password hashing defaults according to OWASP recommendations ( #16629 )
...
Changes according to the latest [OWASP cheat sheet for secure Password Storage](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2 ):
- Changed default password hashing algorithm from pbkdf2-sha256 to pbkdf2-sha512
- Increased number of hash iterations for pbkdf2-sha1 from 20.000 to 1.300.000
- Increased number of hash iterations for pbkdf2-sha256 from 27.500 to 600.000
- Increased number of hash iterations for pbkdf2-sha512 from 30.000 to 210.000
- Adapt PasswordHashingTest to new defaults
- The test testBenchmarkPasswordHashingConfigurations can be used to compare the different hashing configurations.
- Document changes in changes document with note on performance and how
to keep the old behaviour.
- Log a warning at the first time when Pbkdf2PasswordHashProviderFactory is used directly
Fixes #16629
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-01-24 18:35:51 +01:00
Stian Thorgersen
fea49765f0
Remove Jetty 9.4 adapters ( #26261 )
...
Only removing the distribution of the Jetty adapter for now, and leaving the rest for now. This is due to the complexity of removing all Jetty adapter code due to Spring, OSGI, Fuse, testsuite, etc. and it will be better to leave the rest of the clean-up to after 24 when we are removing most adapters
Closes #26255
Signed-off-by: stianst <stianst@gmail.com>
2024-01-24 11:17:29 +01:00
Martin Kanis
84603a9363
Map Store Removal: Rename Legacy* classes ( #26273 )
...
Closes #24105
Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-01-23 13:50:31 +00:00
Jon Koops
5bf2d4b6ec
Enable PKCE by default for Keycloak JS ( #26412 )
...
Closes #26411
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-23 14:04:13 +01:00
Thomas Darimont
cc7d6a9b79
Improve wording for Concepts for configuring thread pools in docs
...
Closes #26402
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-23 12:56:55 +00:00
Alexander Schwartz
e6cd9a2987
Remove product specific content about Linux only ( #26222 )
...
Closes #26220
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-22 10:38:07 +01:00
Pedro Ruivo
70b4c6bf52
Encrypt network communication in JGroups
...
Closes #25702
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-18 17:24:27 +00:00
rmartinc
2f0a0b6ad8
Remove deprecated mode for saml encryption
...
Closes #26291
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-18 16:52:10 +01:00
Lex Cao
a960d0d8fa
Add upgrading docs for changes to send-verify-email API
...
Closes #26146 .
Signed-off-by: Lex Cao <lexcao@foxmail.com>
2024-01-18 09:48:01 +01:00
Ryan Emerson
ba76682590
Use the http-max-queued-requests option for load shedding in HA docs
...
Resolves #26223
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-01-17 15:44:08 +01:00
Alexander Schwartz
b9498b91cb
Deprecating the offline session preloading ( #26160 )
...
Closes #25300
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-16 09:29:01 +01:00
Luca Orlandi
d70dd9db67
Update placeholders for hostname and port ( #24153 )
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-11 12:05:05 +01:00
Kévin Martins
16dddfa49c
Complete the documentation for the use case of a resource from an email template. ( #25705 )
...
Signed-off-by: Kevin MARTINS <k.martins@ubitransport.com>
2024-01-10 18:08:04 -03:00
Alexander Schwartz
0f48027ffb
Reduce internal unsupported options in the Keycloak HA documentation
...
Closes #26068
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 17:38:15 +01:00
AndyMunro
b875acbc20
Change RHDG to Infinispan
...
Closes #26083
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-10 17:18:50 +01:00
rmartinc
179ca3fa3a
Sanitize logs in JBossLoggingEventListenerProvider
...
Closes #25078
Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-01-10 16:50:27 +01:00
Alexander Schwartz
4be4212dca
Remove conditionals about Linux vs. Windows ( #26031 )
...
Closes #26028
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-10 16:03:38 +01:00
Steven Hawkins
41dd1d2161
doc: adding notes about header priority ( #25959 )
...
closes: keycloak#23023
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-10 09:21:49 +01:00
Alexander Schwartz
01939bcf34
Remove concurrent loading of remote sessions as at startup time only one node is up anyway. ( #25709 )
...
Closes #22082
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Martin Kanis <martin-kanis@users.noreply.github.com>
2024-01-09 16:55:22 +01:00
andymunro
70e15bdaa4
Clarify note about containers
...
Closes #26006
Signed-off-by: AndyMunro <amunro@redhat.com>
2024-01-09 15:20:18 +01:00
shigeyuki kabano
8b65e6727b
Creating documentation for Lightweight access token( #25743 )
...
Closes keycloak#23725
Signed-off-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
2024-01-09 09:48:20 +01:00
Pedro Igor
7fad0e805e
Improve brute force documentation around how the effective wait time is calculated
...
Closes #25915
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-01-09 07:50:17 +00:00
Sebastian Schuster
92d6da437b
Fixed tiny doc typo ( #26012 )
...
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-01-09 08:02:02 +01:00
Douglas Palmer
58d167fe59
Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user.
...
Closes #24651
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-01-08 19:32:01 -03:00
Alexander Schwartz
badf3f461d
Making metrics with labels for embedded Infinispan the default
...
Closes #25935
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-08 21:29:03 +01:00
Jon Koops
ddcaa6dcbf
Add release announcement and migration for new welcome theme ( #25895 )
...
Closes #25894
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-01-08 13:10:51 +00:00
Steven Hawkins
7bde7c30cc
fix: do not split on space for option errors ( #25876 )
...
closes #25783
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-01-05 13:01:17 +01:00
Pedro Igor
8ff9e71eae
Do not allow verifying email from a different account
...
Closes #14776
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-01-05 12:45:07 +01:00
Ryan Emerson
60f80ce0c8
Update Route53 HA guide to be compatible with ROSA and OpenShift 4.14.x ( #25900 )
...
Closes #25733
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-04 17:45:32 +00:00
Pedro Ruivo
2c70b45205
High Availability Docs: use unbounded token for cross-site connection
...
Expirable tokens are more secure but it requires manual intervention to
create and share them when they expire.
I have updated the documentation to use non-expirable tokens.
Closes #25909
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-01-04 17:12:17 +00:00
Ben Cresitello-Dittmar
057d8a00ac
Implement Authentication Method Reference (AMR) claim from OIDC specification
...
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.
This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.
The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.
Closes #19190
Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
2024-01-03 14:59:05 -03:00
Steven Hawkins
667ce4be9e
enhance: supporting versioned features ( #24811 )
...
also adding a common PropertyMapper validation method
closes #24668
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-01-03 17:56:31 +01:00
Pedro Igor
ceb085e7b8
Update the UPDATE_EMAIL feature to rely on the user profile configuration when rendering templates and validating the email
...
Closes #25704
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-20 15:15:06 -03:00
Takashi Norimatsu
751cadc514
Documentation about Australia Consumer Data Right security profile
...
closes #25236
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-19 21:06:03 +01:00
Konstantinos Georgilakis
ba8c22eaf0
Scope parameter in Oauth 2.0 token exchange
...
Closes #21578
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2023-12-18 15:44:26 -03:00
Pedro Igor
778847a3ce
Updating theme templates to render user attributes based on the user profile configuration
...
Closes #25149
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-18 15:35:52 -03:00
Steven Hawkins
bee7595275
fix: adding the kube ca cert to the truststores
...
closes #10794
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2023-12-18 15:56:43 +01:00
Steven Hawkins
e148021a67
fix: adding filtering to ignore anything runtime during a build ( #25434 )
...
fix: adding filtering to ignore anything runtime during a build
closes : #25166
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-12-18 12:50:47 +00:00
Marek Posolda
be935c2763
Incorrect version of the fix in release notes ( #25661 )
...
closes #25660
Signed-off-by: mposolda <mposolda@gmail.com>
2023-12-18 11:56:58 +01:00
Takashi Norimatsu
59536becec
Client policies : executor for enforcing DPoP
...
closes #25315
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-12-18 10:45:18 +01:00
AndyMunro
2853136bbb
Remove topic on user attributes in Account Console
...
Closes #22555
Signed-off-by: AndyMunro <amunro@redhat.com>
2023-12-15 12:07:35 +01:00
Erwin Rooijakkers
860978b15a
Change arg of getSubGroups to briefRepresentation
...
Parameter name briefRepresentation should mean briefRepresentation,
not full. This way callers will by default get the full
representation, unless true is passed as value for
briefRepresentation.
Fixes #25096
Signed-off-by: Erwin Rooijakkers <erwin@rooijakkers.software>
2023-12-14 17:23:27 +01:00
Steven Hawkins
08751001db
enhance: adds truststores to the keycloak cr ( #25215 )
...
also generally correcting the misspelling trustore
closes : #24798
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-14 11:15:06 -03:00
Václav Muzikář
e4c348e99e
Add new --proxy-headers
option ( #25178 )
...
* Add new `--proxy-headers` option
Closes #23431
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
* Address review comments vol. 03
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
* Address review comments vol. 04
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-13 10:48:12 -03:00
Pedro Igor
fa79b686b6
Refactoring user profile interfaces and consolidating user representation for both admin and account context
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2023-12-13 08:27:55 +01:00
Ryan Emerson
fc2120c881
Add docs for automating Infinispan CLI commands
...
Add docs for automating Infinispan CLI commands, Move Batch CR to its own concept
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-11 17:48:28 +01:00
Steven Hawkins
4db4982e9d
enhance: adding a start optimized flag ( #25216 )
...
closes : #25015
Update docs/guides/operator/customizing-keycloak.adoc
Update docs/documentation/release_notes/topics/24_0_0.adoc
Update operator/src/main/java/org/keycloak/operator/crds/v2alpha1/deployment/KeycloakSpec.java
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-12-11 16:15:16 +00:00
Steven Hawkins
ba3451ff2e
doc: adding a note about removing the ( #25436 )
...
closes : #25307
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-12-08 17:47:33 +01:00
Steven Hawkins
a04613e7ea
doc: adding a note about config expressions
...
Closes : #19831
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-12-06 19:29:47 +00:00
Alexander Schwartz
a08f112f79
Add links to guides and GitHub discussions ( #25271 )
...
This should increase the likelihood for feedback
Closes #25270
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-05 08:57:52 +01:00
Michal Hajas
d387f13525
Add tests for lb-check endpoint
...
Added documentation why the check retries and updated outdated docs
Closes #25113
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-12-04 08:53:37 +01:00
Michal Hajas
cafc238ff2
Add documentation for lb-check
...
Closes #25077
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 12:47:06 +00:00
Steven Hawkins
8c3df19722
feature: add option for creating a global truststore ( #24473 )
...
closes #24148
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2023-11-30 08:57:17 +01:00
Alexander Schwartz
dd5b9b1c36
Fix cross-links in guides and remove unprocessed content in include ( #25126 )
...
Closes #25090
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-30 08:17:23 +01:00
rmartinc
16afecd6b4
Allow automatic download of SAML certificates in the identity provider
...
Closes https://github.com/keycloak/keycloak/issues/24424
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 18:03:31 +01:00
rmartinc
3bc028fe2d
Remove lowercase for the hostname as recommended/advised by OAuth spec
...
Closes https://github.com/keycloak/keycloak/issues/25001
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-29 10:26:00 -03:00
Takashi Norimatsu
29aec9c5b5
Documentation Inconsistency about Open Banking(Finance) Brasil FAPI security profile
...
closes #25108
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2023-11-29 07:39:51 -03:00
Stian Thorgersen
ccf9a50d4d
Add a doc with relevant links around CNCF ( #24227 )
...
* Add a doc with relevant links around CNCF
* Update docs/cnfc.md
* Update docs/cnfc.md
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
---------
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2023-11-29 05:51:56 +01:00
Steven Hawkins
dacee3a36b
doc: adding a note that quoting all of the arguments no longer works ( #25083 )
...
closes #25018
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-28 14:31:47 +01:00
Jon Koops
48fc29a5c6
Use exports
field for Keycloak JS ( #24974 )
...
Closes #24923
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-24 10:50:02 +01:00
Alexander Schwartz
68b33be655
Adress keycloak high-availability guide follow-up items
...
Closes #24975
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-23 17:12:46 +01:00
Stian Thorgersen
f41383a851
Release notes editorial for 23 ( #24972 )
...
Signed-off-by: stianst <stianst@gmail.com>
2023-11-23 13:34:45 +01:00
Alexander Schwartz
834ef79509
Adding a Keycloak High Availability section to Keycloak's docs
...
The content was moved over from the Keycloak Benchmark subproject.
Closes #24844
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Kamesh Akella <kakella@redhat.com>
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Anna Manukyan <amanukya@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: AndyMunro <amunro@redhat.com>
2023-11-23 12:27:47 +00:00
Martin Ledvinka
da260b386c
Fix incorrect preview feature reference (keycloak#24966).
...
Closes #24966 .
Signed-off-by: Martin Ledvinka <martin.ledvinka@fel.cvut.cz>
2023-11-23 12:48:00 +01:00
Jon Koops
e13d3264a2
Stop copying resources from Account v2 theme into 'common' ( #24929 )
...
Closes #24928
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2023-11-22 17:03:52 +01:00
mposolda
87c45437a5
Release notes for max auth age password policy
...
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-22 07:35:09 +01:00
Marek Posolda
765e4838e9
Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation. ( #24877 )
...
* Update EAP documentation for OIDC and SAML (#24734 )
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
(cherry picked from commit d7f2ad747d90dd0475a016fcfd528fea4ebed043)
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
* Remove OIDC and SAML adapters for Wildfly/EAP ZIP downloads. Update documentation.
Closes #24713
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
---------
Signed-off-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-21 14:22:00 +00:00
Václav Muzikář
15a83985b1
Implement load shedding
...
Closes #23340
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2023-11-21 13:43:09 +01:00
Steven Hawkins
4968c35536
fix: correcting the realmrepresentation link ( #24869 )
...
closes #22194
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2023-11-21 09:09:00 +01:00
Tomas Ondrusko
8ac6120274
Social Identity Providers documentation adjustments ( #24840 )
...
Closes #24601
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-11-20 22:26:11 +01:00
Thomas Darimont
d30d692335
Introduce MaxAuthAge Password policy ( #12943 )
...
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.
Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin
Fixes #12943
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2023-11-20 14:48:17 +01:00
Erik Jan de Wit
44a95c72f1
added namespace migration documentation ( #24497 )
...
fixes : #23061
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2023-11-20 14:11:38 +01:00
andymunro
7d62f6308d
Create an attribute for Getting Started ( #24825 )
...
* Create an attribute for Getting Started
Closes #24824
Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-20 13:16:35 +01:00
Alexander Schwartz
2bb31b1bfc
Fix DocsBuildDebugUtil signatures, and ensure it can be called from an IDE
...
Closes #24817
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-20 09:14:57 -03:00
rmartinc
5fad76070a
Use LinkedIn instead of LinkedIn OpenID Connect for better UI experience
...
Closes https://github.com/keycloak/keycloak/issues/24659
Signed-off-by: rmartinc <rmartinc@redhat.com>
2023-11-16 18:22:16 +01:00
Tomas Ondrusko
fe48afc1dc
Update Social Identity Providers documentation ( #24601 )
...
Signed-off-by: Tomas Ondrusko <tondrusk@redhat.com>
2023-11-16 17:58:53 +01:00
andymunro
d4cee15c3a
Correct Securing Apps Guide ( #24730 )
...
* Correcting Securing Apps guide
Closes #24729
Signed-off-by: AndyMunro <amunro@redhat.com>
* Update docs/documentation/securing_apps/topics/saml/java/general-config/sp_role_mappings_provider_element.adoc
Co-authored-by: Stian Thorgersen <stian@redhat.com>
---------
Signed-off-by: AndyMunro <amunro@redhat.com>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2023-11-14 11:04:55 +01:00
AndyMunro
20f5edc708
Addressing Server Admin review comments
...
Closes #24643
Signed-off-by: AndyMunro <amunro@redhat.com>
2023-11-13 15:48:02 +01:00
Alexander Schwartz
1b12fe132b
Update documentation for removal of the map store
...
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Closes #24092
2023-11-13 15:38:05 +01:00
vramik
71b6757c2f
Remove quarkus options related to map store
...
Signed-off-by: vramik <vramik@redhat.com>
Closes #24098
2023-11-13 12:34:52 +01:00
Alexander Schwartz
8acb6c1845
Fix broken link to node.js and internal anchor
...
Closes #24699
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2023-11-13 12:20:54 +01:00
andymunro
bf17fcc0be
Fix broken links ( #24476 )
2023-11-13 09:17:34 +01:00
Hynek Mlnarik
f557b2c88c
Transient sessions: Documentation
...
Closes : #24278
Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2023-11-10 11:22:04 +01:00