No description
Find a file
Jon Koops 3216e7c781
Only allow a known refferer URI for the Account Console (#28743)
Closes #27628

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-04-16 17:24:22 +02:00
.github Upgrade artifact actions to latest version (#28483) 2024-04-15 17:14:00 +02:00
.idea Add Intellij project icon 2023-09-18 12:39:16 +02:00
.mvn Update Maven dependency versions for docs 2024-02-01 13:42:25 +01:00
adapters Retry the login in the SAML adapter if response is authentication_expired 2024-04-12 14:55:31 +02:00
authz Adding tests 2024-04-03 08:04:17 -03:00
boms Upgrade nexus staging maven plugin version (#21428) 2023-07-04 11:00:04 +00:00
common Hostname SPI v2 (#26345) 2024-04-09 11:25:19 +02:00
core Prevent members with an email other than the domain set to an organization 2024-04-12 08:33:18 -03:00
crypto Limit the concurrency of password hashing to the number of CPU cores available 2024-04-15 15:05:09 +02:00
dependencies Map Store Removal: Rename legacy modules 2024-01-25 16:29:16 +01:00
distribution Fix api-docs-dist after removal of resteasy-core (#27407) 2024-03-01 09:47:44 +01:00
docs Limit the concurrency of password hashing to the number of CPU cores available 2024-04-15 15:05:09 +02:00
federation Add null checks after retrieving user from LDAP for validation to prevent NPE when user is removed in LDAP. 2024-04-11 14:29:30 -03:00
integration fix: replaces aesh with picocli (#28276) 2024-04-15 13:04:58 +00:00
js Only allow a known refferer URI for the Account Console (#28743) 2024-04-16 17:24:22 +02:00
misc Showing the original exception plus any swallowed exceptions. (#25428) 2023-12-13 11:56:08 +01:00
model NPE when listing sessions in UI if associated user is gone 2024-04-16 11:53:36 -03:00
operator fix: adjusting the test to use a fully valid config 2024-04-12 21:17:52 +02:00
quarkus Persistent sessions code also for offline sessions (#28319) 2024-04-12 13:15:02 +02:00
rest Ensure correct treatment of auth and transient users 2024-04-15 10:17:34 +02:00
saml-core SAML element EncryptionMethod can consist any element 2024-04-09 14:15:56 +02:00
saml-core-api SAML element EncryptionMethod can consist any element 2024-04-09 14:15:56 +02:00
server-spi Add validation for the organization's internet domains. 2024-04-15 09:03:52 -03:00
server-spi-private Deny list lower cases all passwords when loading from file 2024-04-15 08:49:37 +02:00
services Only allow a known refferer URI for the Account Console (#28743) 2024-04-16 17:24:22 +02:00
testsuite Refactor and remove deprecated Infinispan methods from DefaultInfinispanConnectionProviderFactory 2024-04-16 10:51:57 +02:00
themes Bump rollup from 4.14.2 to 4.14.3 (#28765) 2024-04-16 13:53:43 +02:00
util Artifact SLF4J LOG4J-12 has been relocated (#20113) 2023-05-05 13:57:45 +02:00
.gitattributes Use lf as line-ending for sh files 2022-07-19 08:57:57 +02:00
.gitignore Move all JavaScript projects into single PNPM workspace (#24537) 2024-04-02 16:14:58 +02:00
.gitleaks.toml Ignore a false positive in internal code scan (#27811) 2024-03-12 15:49:46 +01:00
ADOPTERS.md add Bundesagentur für Arbeit to ADOPTERS.md (#26784) 2024-02-05 14:32:49 +01:00
CONTRIBUTING.md Add DCO to CONTRIBUTING.md (#24384) 2023-10-31 08:44:43 +01:00
eslint.config.js Explicitly specify React version for ESLint (#28726) 2024-04-15 14:44:06 +02:00
get-version.sh Added get-version script 2019-03-05 08:42:14 +01:00
GOVERNANCE.md Removed links from relocated repositories (#19703) 2023-04-13 12:59:43 -04:00
LICENSE.txt Added text version of ASL2 license 2019-11-08 12:43:10 +01:00
MAINTAINERS.md Add Alexander Schwartz to the list of maintainers 2023-06-27 06:45:06 -03:00
maven-settings.xml [KEYCLOAK-11764] Upgrade to Wildfly 19 2020-04-24 08:19:43 -03:00
mvnw Update Maven Wrapper to 3.2.0 2023-09-12 08:56:15 +02:00
mvnw.cmd Update Maven Wrapper to 3.2.0 2023-09-12 08:56:15 +02:00
package.json Bump eslint-plugin-cypress from 2.15.1 to 2.15.2 (#28762) 2024-04-16 12:31:50 +02:00
pnpm-lock.yaml Bump vite from 5.2.8 to 5.2.9 (#28810) 2024-04-16 14:38:28 +00:00
pnpm-workspace.yaml Move all JavaScript projects into single PNPM workspace (#24537) 2024-04-02 16:14:58 +02:00
pom.xml fix: replaces aesh with picocli (#28276) 2024-04-15 13:04:58 +00:00
PR-CHECKLIST.md Introduce CODEOWNERS (#16637) 2023-01-30 13:05:45 +01:00
README.md Add some badges to README.md (#27921) 2024-03-15 11:25:21 +01:00
SECURITY-INSIGHTS.yml Provide an OpenSSF security insights manifest file 2024-02-15 11:02:33 -03:00
set-version.sh Fix set-version.sh's handling of NPM versions (#23638) 2023-10-04 08:00:53 +02:00
tsconfig.eslint.json Move ESLint configuration to project root (#28639) 2024-04-12 08:34:18 +00:00
tsconfig.json Move ESLint configuration to project root (#28639) 2024-04-12 08:34:18 +00:00

Keycloak

GitHub Release OpenSSF Best Practices GitHub Repo stars GitHub commit activity

Open Source Identity and Access Management

Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users.

Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

Help and Documentation

Reporting Security Vulnerabilities

If you have found a security vulnerability, please look at the instructions on how to properly report it.

Reporting an issue

If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.

Getting started

To run Keycloak, download the distribution from our website. Unzip and run:

bin/kc.[sh|bat] start-dev

Alternatively, you can use the Docker image by running:

docker run quay.io/keycloak/keycloak start-dev

For more details refer to the Keycloak Documentation.

Building from Source

To build from source, refer to the building and working with the code base guide.

Testing

To run tests, refer to the running tests guide.

Writing Tests

To write tests, refer to the writing tests guide.

Contributing

Before contributing to Keycloak, please read our contributing guidelines. Participation in the Keycloak project is governed by the CNCF Code of Conduct.

Other Keycloak Projects

License