Commit graph

844 commits

Author SHA1 Message Date
Pedro Igor
22da43c619
Fixing broken link (#30299)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-06-10 15:22:48 +02:00
MWarnecke
0c6558612f
Enhance documentation regarding edge termination (#30170)
Closes #29665

Signed-off-by: Michael Warnecke <WarneckeMichael@web.de>
2024-06-10 07:47:20 +00:00
Pedro Igor
c35bf11b1b
Adding organization section (#29796)
Closes #28731

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-10 09:08:50 +02:00
Giuseppe Graziano
6067f93984
Improvements to refresh token rotation with multiple tabs (#29966)
Closes #14122

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-07 12:02:36 +02:00
Steven Hawkins
5059a02eb2
fix: minor refinements to collection utils (#29536)
closes: #29535

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 10:07:34 -04:00
Steven Hawkins
c7e9ee2bff
fix: adds handling for all kcadm prompts as env variables (#29430)
closes: #21961

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 13:08:23 +00:00
Marek Posolda
79c8c80058
Example for X.509 direct grant flow authentication (#30203)
closes #29639

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-06 11:58:09 +02:00
Erik Jan de Wit
5897334ddb
Align environment variables between consoles (#30125)
* change to make authServerUrl the same as authUrl

fixes: #29641
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

* Remove `authUrl` entirely

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Remove file that is unrelated

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Split out and align environment variables between consoles

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Restore removed variables to preserve backwards compatibility

Signed-off-by: Jon Koops <jonkoops@gmail.com>

* Also deprecate the `authUrl` for the Admin Console

Signed-off-by: Jon Koops <jonkoops@gmail.com>

---------

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2024-06-06 08:36:46 +02:00
Giuseppe Graziano
d5e82356f9 Encrypted KC_RESTART cookie and removed sensitive notes
Closes #keycloak/keycloak-private#162

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-06-05 10:33:44 +02:00
Marek Posolda
193439788e
Release notes for support application/jwt response in token introspec… (#30105)
closes #30104

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-04 06:49:13 +02:00
Martin Bartoš
262fc09edc
OpenJDK 21 support (#28518)
* OpenJDK 21 support

Closes #28517

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* x509 SAN UPN other name is not handled in JDK 21 (#904)

closes #29968

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2024-06-03 14:17:28 +02:00
Peter Zaoral
cd2451d58b
Remove Oracle JDBC driver out of the box (#29895)
Closes: #29491

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-05-31 17:21:19 +00:00
Alexander Schwartz
af23150343 Fixing typo in the upgrading guide for persistent sessions
Closes #30028

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-31 13:18:34 +02:00
Miquel Simon
2c521bd64d Upgrade supported PostgreSQL to version 16
Closes #29875

Signed-off-by: Miquel Simon <msimonma@redhat.com>
2024-05-29 16:31:40 +02:00
Marek Posolda
336b2c875f
Update release notes for Keycloak 25 (#29894)
closes #29576

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 14:19:17 +02:00
mposolda
37c10b4d43 Improve documentation for the case when 'basic' client scope already exists
closes #29880

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-29 13:32:05 +02:00
Ryan Emerson
5788263413
Document Failover Lambda for Active/Passive deployments
Closes #29787

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 12:33:13 +02:00
Michal Hajas
61d0d56720
Document it is not possible to use rolling configuration upgrade for enabling persistent sessions
Closes #29561

Signed-off-by: Michal Hajas <mhajas@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-29 10:19:20 +02:00
Pedro Igor
bbb83236f5 Do not lower-case the username from the IdP when creating the federated identity
Closes #28495

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-29 01:58:20 -03:00
Jon Koops
a3b2dd0735
Remove deprecated ServerCookie class (#29916)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 14:14:05 +00:00
Ryan Emerson
0f17f0abc5
Require external Infinispan be of version 15 or greater
Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 11:26:26 +00:00
Alexander Schwartz
80de3a0a71
Allow migration of non-persistent sessions to persistent sessions
Closes #29375

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-22 10:30:46 +02:00
rmartinc
f7044ba5c2 Use SessionExpirationUtils for validate user and client sessions
Check client session is valid in TokenManager
Closes #24936

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-05-22 10:12:20 +02:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication (#29735)
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-21 19:46:27 +02:00
Pedro Ruivo
7182bc2125 Infinispan 15.0.4.Final
Closes #29743

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-21 16:47:26 +02:00
Bruno Oliveira da Silva
4a21b44b5f Add documentation about how to handle CVEs on third-party libraries reported by Snyk
Closes #29707

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Bruno Oliveira da Silva <bruno@abstractj.com>
2024-05-21 09:08:18 -03:00
mposolda
bbd4b60163 Update documentation after adapters removal
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-21 09:34:48 +02:00
Alex Szczuczko
34a61d72e5
Add chmod to ADD examples in docs (#29626)
Closes #29625

Signed-off-by: Alex Szczuczko <aszczucz@redhat.com>
2024-05-17 09:15:37 +02:00
vramik
35df0140ee Add a note to the migration guide about index name length for Oracle database
Closes #29594

Signed-off-by: vramik <vramik@redhat.com>
2024-05-16 10:06:39 -03:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305)
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
Alexander Schwartz
8deca303e2
Update instruction on how to enable persistent sessions (#29490)
Closes #29489

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 13:26:51 +02:00
Robin Meese
87086ddb63
Add translation.md for Weblate.org
Closes #29548

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Co-authored-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-15 11:37:38 +02:00
Kamesh Akella
1d613d9037
Argon2 release notes and sizing guide update
Closes #29033

Signed-off-by: Kamesh Akella <kamesh.asp@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-14 17:40:51 +02:00
mposolda
d8a7773947 Adding dummyHash to DirectGrant request in case user does not exists. Fix dummyHash for normal login requests
closes #12298

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-13 16:33:29 +02:00
christian2
e200ccfa53 Fix URL endpoint for Docker registry v2 authentication
Closes #29132

Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
2024-05-13 13:51:06 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
mruzicka
6864ee0ead
doc: Quarkus launch rebuild optimization (#28320)
Suggest a command which performs the update of the class loading indices
only once.
Closes #28336
Signed-off-by: Michal Růžička <michal.ruza@gmail.com>
2024-05-10 12:28:38 +02:00
AndyMunro
4a5055c3cc Update create realm topics to replace Master
Closes #29280

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-05-08 17:37:20 +02:00
Pedro Ruivo
cbce548e71 Infinispan 15.0.3.Final
Closes #29068

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-05-08 17:18:39 +02:00
Nathan Raj
8ff1ae0c08
Update stack-overflow.adoc (#29363)
Corrected capitalisation for heading
2024-05-08 16:06:33 +02:00
Thore
4b194d00be iso-date validator for the user-profile
Adds a new validator in order to be able to validate user-model fields which should be modified/supplied by a datepicker.

Closes #11757

Signed-off-by: Thore <thore@kruess.xyz>
2024-05-07 11:42:39 -03:00
Pedro Igor
d2c5fc86a9 Additional note on release and upgrade guides about partial update on user attributes
Closes #28220

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-07 09:59:38 -03:00
Steven Hawkins
c18a68b4e3
docs: add an initial note about sizing to each of the install guides (#29330)
closes: #14188

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-07 08:01:09 +00:00
AndyMunro
eb9b19abe9 Corrections to HA Guide
Closes #29183

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-05-06 17:00:54 +02:00
Dimitri Papadopoulos Orfanos
9db1443367
Fix typos found by codespell in docs (#28890)
Run `chmod -x` on files that need not be executable.

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-03 12:41:16 +00:00
Douglas Palmer
26eaa4f83f Broken link in documentation
Closes #29233

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-05-02 15:29:56 -03:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Steven Hawkins
3b1ca46be2
fix: updating docs around -q parameter (#29151)
closes: #27877

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-05-02 16:48:43 +02:00
Douglas Palmer
8d4d5c1c54 Remove redundant servers from the testsuite
Closes #29089

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-30 17:39:32 +02:00
Alexander Schwartz
99cb437dc7 Fix product name usage for downstream documentation
Closes #29154

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-29 18:05:00 +02:00
Jon Koops
a6e2ab5523 Remove jaxrs-oauth-client and OIDC servlet-filter adapters
Closes #28784

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-26 15:56:57 +02:00
Douglas Palmer
cca660067a Remove JAAS login modules
Closes #28789

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
eae20c76bd Remove KeycloakInstalled
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28790
2024-04-26 09:30:35 +02:00
Douglas Palmer
b2f09feebf Remove servlet filter saml adapters
Closes #28786

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
3e13b40648 Remove Spring adapters
Closes #28780

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
bf2c97065f Remove SpringBoot adapters
Closes #28781

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
43aa10e091 Remove Tomcat OIDC adapter
Closes #28778

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-04-26 09:30:35 +02:00
Douglas Palmer
98faf6e6a0 Remove Tomcat SAML adapter
Signed-off-by: Douglas Palmer <dpalmer@redhat.com>

Closes #28783
2024-04-26 09:30:35 +02:00
Mark Banierink
ad32896725
replaced and removed deprecated token methods (#27715)
closes #19671 

Signed-off-by: Mark Banierink <mark.banierink@nedap.com>


Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-23 09:23:37 +02:00
rmartinc
eac4b53751 Incorrect proxyMappings example in the guides
Closes #25514

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-22 18:30:41 +02:00
Stefan Guilhen
8ca4bc77a1 Improve the performance of the queries used to find granted resources
- simplifies the queries to avoid unnecessary join
- creates two new indexes to speed up search time

Closes #28861

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-04-22 11:26:06 -03:00
Lex Cao
7e034dbbe0
Add IdpConfirmOverrideLinkAuthenticator to handle duplicate federated identity (#26393)
Closes #26201.

Signed-off-by: Lex Cao <lexcao@foxmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-22 11:30:14 +02:00
Alexander Schwartz
9d0b1ecee4 Review CLI option change for caching
Closes #28750

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3de5357091 CLI options to disable encryption and authentication to external Infinispan
Closes #28750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-20 18:30:24 +02:00
Pedro Ruivo
3e0a185070 Remove deprecated EnvironmentDependentProviderFactory.isSupported method
Closes #26280

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-04-19 16:36:49 +02:00
Pascal Knüppel
ef45629df4
Add docs for transient-users how to prevent profile-review (#28889)
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>

#relatesTo https://github.com/keycloak/keycloak/discussions/26637
2024-04-18 23:49:51 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Martin Bartoš
7f74286106 Emphasize the need for setting container limit
Closes #28729

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-18 15:44:27 +02:00
Thomas Darimont
eb2936f655 Add note about using groups with transient-users
Document an additional approach for managing user-roles for transient-users via groups.

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2024-04-18 14:49:18 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Peter Zaoral
e7dd5c1991
Hostname:v2 docs (#28123)
* hostname.adoc now contains the new hostname guide
* the old hostname is now available under hostname-deprecated.adoc

Closes: #27729

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:31:14 +02:00
Martin Bartoš
1fb83bb165
Release notes and Migration guide for Hostname v2 (#28621)
Closes #27730

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-04-17 09:29:59 +02:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-15 15:05:09 +02:00
Steven Hawkins
58398d1f69
fix: replaces aesh with picocli (#28276)
* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* fix: replaces aesh with picocli

closes: #28275

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-15 13:04:58 +00:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
2024-04-15 08:49:37 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663)
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Martin Bartoš
a3669a6562
Make general cache options runtime (#28542)
Closes #27549

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-12 11:56:11 +02:00
rmartinc
6d74e6b289 Escape slashes in full group path representation but disabled by default
Closes #23900

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-12 10:53:39 +02:00
Niko Köbler
67e4015f67 improve doc for transient users
adding a note to pay attention especially to the default-roles

Signed-off-by: Niko Köbler <niko@n-k.de>
2024-04-12 10:50:30 +02:00
Marek Posolda
74faddec8e
Release notes for lightweight access tokens and group together relate… (#28622)
closes #28460

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 20:02:33 +02:00
Jon Koops
9b94b6f47e
Add release notes for changes to Account and Admin consoles (#28545)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-11 08:42:08 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… (#28595)
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-11 08:18:41 +02:00
Giuseppe Graziano
33b747286e Changed userId value for refresh token events
Closes #28567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-11 07:46:44 +02:00
Václav Muzikář
33f580daa4
Hostname v2 for Operator (#28599)
Closes #27728

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-10 18:56:47 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
Martin Bartoš
b2c88e9876
docs: Support management port for health and metrics (#28213)
Relates to #19334

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 14:33:30 +02:00
Alexander Schwartz
3ba9a905c9 Provide histograms for http server metrics
Closes #28178

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-09 12:52:42 +02:00
Stian Thorgersen
a499512f35
Set SameSite for all cookies (#28467)
Closes #28465

Signed-off-by: stianst <stianst@gmail.com>
2024-04-09 12:29:19 +02:00
Steve Hawkins
9afe3a2560 fix: changing max threads default
closes: #17483

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-04-09 12:14:56 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345)
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
Martin Bartoš
9c1790af68
Enable Syslog log handler (#28462)
* Enable syslog log handler

Closes #27544

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Suggest an alternative to GELF

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-04-08 17:38:20 +02:00
Pedro Igor
52ba9b4b7f Make sure attribute metadata from user storage providers are added only for the provider associated with a federated user
Closes #28248

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-08 09:05:16 -03:00
Giuseppe Graziano
b4f791b632 Remove session_state from tokens
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
Stian Thorgersen
b9feaec38e
Ignore all links to GitHub when checking external links in docs due to rate limiting issues (#28472)
Closes #28330

Signed-off-by: stianst <stianst@gmail.com>
2024-04-05 15:36:38 +02:00
Pedro Igor
8fb6d43e07 Do not export ids when exporting authorization settings
Closes #25975

Co-authored-by: 박시준 <sjpark@logblack.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-04-04 19:26:03 +02:00
Ryan Emerson
71eacdc1c5 Update HA Guide now that non-XA mode is the default. Fixes #28142
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-04-04 13:15:42 +02:00
Ryan Emerson
9bf131b5fb HA guide erroneously refers to AWS Global Accelerator. Fixes #28174
Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-04-04 13:15:42 +02:00
Alexander Schwartz
c1a471755d Fix lists to be rendered as expected
Closes #28377

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-04 11:16:57 +02:00
Alexander Schwartz
1d204e77a4
Fix source highlighting for log output (#28375)
Closes #28374

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-04-03 08:32:48 +02:00
Clemens Zagler
b44252fde9 authz/client: Fix getPermissions returning wrong type
Due to an issue with runtime type erasure, getPermissions returned a
List<LinkedHashSet> instead of List<Permission>.
Fixed and added test to catch this

Closes #16520

Signed-off-by: Clemens Zagler <c.zagler@noi.bz.it>
2024-04-02 11:09:43 -03:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Steven Hawkins
e9ad9d0564
fix: replace aesh with picocli (#27458)
* fix: replace aesh with picocli

closes: #27388

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update integration/client-cli/admin-cli/src/main/java/org/keycloak/client/admin/cli/commands/AbstractRequestCmd.java

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

* splitting the error handling for password input

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a change note about kcadm

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2024-03-28 14:34:06 +01:00
Gilvan Filho
757c524cc5 Password policy for not having username in the password
closes #27643

Signed-off-by: Gilvan Filho <gfilho@redhat.com>
2024-03-28 08:29:03 +01:00
Alexander Schwartz
305dd5812e Make use of attributes consistent between old docs and new guides
Closes #28215

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-26 17:07:54 +01:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162)
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 13:04:14 +00:00
rmartinc
d4da0c816c Upgrading note to warn truststore changes affect webauthn registration
Closes #28113

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-22 10:58:48 +01:00
Steven Hawkins
619775b8db
fix: simplifies the parsing routine, which accounts for leading 0's (#28102)
closes: #27839

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-22 09:19:52 +01:00
Steven Hawkins
6cc66109d5
doc: add keycloak cr truststores (#28015)
closes: #27892

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-22 08:27:15 +01:00
Stian Thorgersen
3f9cebca39
Ability to set the default provider for an SPI (#28135)
Closes #28134

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:45:08 +01:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031)
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
2024-03-22 07:08:09 +01:00
andymunro
8602b4f9cf
Edits to Operator Guide
Closes #28009

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-21 17:44:44 +00:00
Steven Hawkins
cbe185fbab
doc: add a note about lack of other JAX-RS support (#28048)
closes: #27057

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:59:22 +01:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833)
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00
Alexander Schwartz
c4fdf1cee7
Enable HTTP metrics for Keycloak by default (#28088)
Closes #27924

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-21 16:18:03 +01:00
Steve Hawkins
91c89c28e7 fix: changes xa transaction related defaults
xa is not enabled by default
recovery is enabled by default

closes #27308

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:01:19 +01:00
Sebastian Schuster
0542554984 12671 querying by user attribute no longer forces case insensitivity for keys
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.io>
2024-03-21 08:35:29 -03:00
Pedro Ruivo
2387549308 Upgrade Infinispan to 14.0.27.Final
Closes #28033

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-03-19 11:18:42 +01:00
Alexander Schwartz
fbdb2ed9f7 Updated performance impact due to changed hashing
Fixes #27900

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-19 09:30:49 +01:00
AndyMunro
d61b1ddb09 Edit use of Keycloak in Server Admin Guide
Closes #27955

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-18 09:51:55 +01:00
AndyMunro
0e5d685cd3 Revise use of Keycloak term
Closes #27953

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-18 09:50:26 +01:00
Alexander Schwartz
4bbe4705d4
Remove http metrics from the docs as they are not available in the current release (#27926)
Fixes #27925

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 17:57:56 +01:00
Alexander Schwartz
62d24216e3 Remove offline session preloading
Closes #27602

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-15 15:19:27 +01:00
Stian Thorgersen
2bddfe7380
Remove log4j from documentation tests (#27929)
Signed-off-by: stianst <stianst@gmail.com>
2024-03-15 15:06:24 +01:00
AndyMunro
e40227fa50 Address comments on Securing Apps
Closes #27867

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-15 13:04:05 +01:00
Stian Thorgersen
81f3f211f3
Delete all deprecated and unmaintained examples (#27855)
Signed-off-by: stianst <stianst@gmail.com>
2024-03-15 07:24:20 +01:00
Steven Hawkins
1cc1911ec3
doc: adding a note about repairing a corrupted classloading index (#27906)
relates to: #26396

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-14 16:47:07 +01:00
larsw
42244d2a67
doc/token-exchange.adoc: issuer claim -> iss claim (#27018)
Fixed a typo in the text.
2024-03-14 13:37:40 +01:00
Pedro Ruivo
a5634b201c
Use new remote-store options in HA guides
Fixes #27508

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-14 12:47:35 +01:00
andymunro
be29be6741
Edit Keycloak 23 part of Upgrading Guide
Closes #27484

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-03-14 11:03:58 +01:00
mposolda
1f80f561db Update version of bctls-fips in the docs
closes #27882

Signed-off-by: mposolda <mposolda@gmail.com>
2024-03-14 08:58:34 +01:00
Stefan Guilhen
be6f0bc520
Add a section on the admin console partial import/export capability
Closes #25490

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-14 08:50:54 +01:00
Alexander Schwartz
1788cf2b09 Enable Infinispan metrics automatically if overall metrics are enabled
Closes #27724

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 18:55:45 +01:00
Ryan Emerson
a32808e8eb
Upgrade to Infinispan 14.0.26.Final
Closes #27871

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 17:24:20 +00:00
Alexander Schwartz
6de5325d1c Limit the received content when handling the content as a String
Closes #27293

Co-authored-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 16:43:03 +01:00
Steven Hawkins
e22148043b
doc: mention that the split package warning may not happen (#27789)
closes: #26396

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-13 14:57:20 +01:00
Stian Thorgersen
1f772d2957
Move authenticator example to quickstarts (#27850)
Signed-off-by: stianst <stianst@gmail.com>
2024-03-13 11:52:29 +00:00
stianst
15717cc152 Remove deprecated cookie code
Closes #26813

Signed-off-by: stianst <stianst@gmail.com>
2024-03-12 17:24:14 +01:00
Alexander Schwartz
967ceddfbb
Fixing downstream documentation build (#27781)
Closes #27780

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-12 08:37:41 +01:00
andymunro
66cffca3d4
Simplify Upgrade Guide structure
Closes #27632

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-11 16:22:46 +01:00
Alexander Schwartz
050acf0d94
Map Storage Removal: Remove deprecated model/legacy module (#27601)
Closes #26657

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-08 15:17:24 +00:00
Martin Bartoš
c5553b46b4
Update Welcome page image in docs
Closes #27719

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-08 15:00:36 +01:00
Martin Bartoš
e4aa1b5f95
Conditionally enable and disable CLI options (#25333)
* Conditionally enable and disable CLI options

Closes #13113

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Support for duplicates in config

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix rendering config options in docs

Fixes #26515

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Reorder OptionsDistTest

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-03-07 20:36:43 +00:00
rmartinc
dea15e25da Only add the nonce claim to the ID Token (mapper for backwards compatibility)
Closes #26893

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-03-07 09:56:57 +01:00
Alexander Schwartz
fa12b14a32 Update docs about when emails for changed credentials are sent
Closes #27620

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-03-07 07:16:16 +01:00
Václav Muzikář
43727aa10f
Clarify format of keys in additionalOptions field in the Keycloak CR (#27435)
Closes #27433

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-03-06 17:10:41 +01:00
Alexander Schwartz
2199d37879
Add multi-site active-passive support to the release notes (#27575)
Closes #27573

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:59:22 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs (#27418)
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:32:06 +01:00
Pedro Igor
d12711e858 Allow fetching roles when evaluating role licies
Closes #20736

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-05 15:54:02 +01:00
Alexander Schwartz
aec6020750 URL change as liquibase.org now redirects
Closes #27540

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-05 13:24:12 +01:00
Ryan Emerson
244ecd45a7
Upgrade to Aurora Postgres 15.5
Closes #27509

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-03-05 10:29:20 +01:00