bae3963d25
Refactor SessionsResource for better memory usage and performance
...
Closes #45727
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-29 11:38:54 +01:00
47b91b995d
Add revert button to client credentials form
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech >
2026-01-28 18:36:36 +01:00
cb4c533464
Add support for looking up client secrets via Vault SPI ( #39650 )
...
Fixes #13102
Signed-off-by: Tero Saarni <tero.saarni@est.tech >
2026-01-28 16:45:30 +01:00
0bc95be9cc
Remove ignored-links after 26.5.0
...
Closes #44810
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2026-01-28 15:08:08 +00:00
b9243a7270
Only enable JS policies if the scripts feature is enabled
...
Closes #44132
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-28 12:28:32 +01:00
38b5466093
fix: aligns our dev http-host default behavior with that of quarkus ( #45691 )
...
closes : #42876
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
2026-01-27 16:51:47 +01:00
eac504cce5
OTEL: Ability to specify headers for exporters
...
Closes #45220
Co-authored-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2026-01-27 10:36:18 +00:00
77704a91b6
fix: adding support for xforwarded prefix ( #45699 )
...
closes : #35298
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2026-01-26 18:14:54 +01:00
b247ef12cd
Fix indentation in sample Keycloak CR YAML in Operator rolling updates doc
...
Closes #45755
Signed-off-by: Tomas Kyjovsky <tkyjovsk@ibm.com >
2026-01-26 16:52:27 +01:00
2f4f36eabc
Add realm id column to offline_client_session table
...
Closes #44424
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2026-01-23 16:28:34 +01:00
e278a2f6fd
Changing default clock skew for not-issued-before to 10 seconds
...
Closes #45620
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-22 19:11:10 +01:00
57f0b15c80
OTEL: Add Telemetry options to Keycloak CR ( #45397 )
...
* OTEL: Add Telemetry options to Keycloak CR
Closes #45348
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
* Add validation to resource attributes
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Avoid unnecessary warning logs during the operator tests execution
Closes #45623
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz >
Co-authored-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
2026-01-22 16:02:06 +00:00
50366f03a6
Documentation for Authorization Chaining Across Domains
...
Closes #45466
Signed-off-by: rmartinc <rmartinc@redhat.com >
2026-01-22 16:33:27 +01:00
139de283cc
Add missing space to fix markdown code rendering ( #45621 )
...
Signed-off-by: Nate Drake <ndrake@gmail.com >
2026-01-22 15:59:24 +01:00
2cfef40ee3
Fix broken link for link in upgrading guide
...
Closes #45643
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-22 11:50:06 +01:00
2f0689576b
Possible mismatch of charset/collation between columns on mysql/mariadb ( #45632 )
...
* Possible mismatch of charset/collation between columns on mysql/mariadb
Closes #45597
Signed-off-by: vramik <vramik@redhat.com >
2026-01-22 07:17:04 -03:00
7e20b87136
Add abstract property for themes and do not display base for selection
...
Closes #41924
Signed-off-by: rmartinc <rmartinc@redhat.com >
2026-01-21 15:42:52 +01:00
dbd8d47036
Upgrade command rolling updates for patch releases / step 3: Infinispan/JGroups
...
Closes #38884
Signed-off-by: Ruchika <ruchika.jha1@ibm.com >
2026-01-21 15:16:18 +01:00
cc8947a060
Keycloak should not allow matrix parameters in URLs as we don't use them
...
Closes #45533
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-20 19:45:02 -03:00
1138952ba7
Provide HTTP access logs written to file with rotation ( #45437 )
...
Closes #41353
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2026-01-20 15:16:33 +01:00
a351784c33
Remove empty labels from keycloak_user_events_total metric ( #45583 )
...
Closes #45582
Signed-off-by: Luca Tronchin <ltronky@gmail.com >
2026-01-20 13:18:27 +01:00
dd0214bc78
Do not use whitelist/blacklist in the UI
...
Closes #45539
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-20 11:12:23 +01:00
5724ae1534
Updating specifications list to show DPoP as supported
...
Closes #45584
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-20 09:35:26 +01:00
137a35c110
Mask certain HTTP headers and cookies in the HTTP access log ( #45400 )
...
* Mask certain HTTP headers and cookies in the HTTP access log
Closes #43811
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
* Improve tests, Improve docs
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Fix test
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
2026-01-19 19:01:45 +01:00
c8a41dea99
Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-19 08:30:47 -03:00
07b9b9656b
Allow client_id as an audience in the JWT Authorization Grant and Client Assertions
...
Closes #45178
Signed-off-by: rmartinc <rmartinc@redhat.com >
2026-01-16 15:48:28 +01:00
e2e11a3b8e
Hide Remember Me session settings when Remember Me is disabled in realm settings edit page in UI
...
Closes #44973
Signed-off-by: Ruchika <ruchika.jha1@ibm.com >
Signed-off-by: Ruchika Jha <Ruchika.Jha1@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-15 16:46:50 +00:00
ab351170b4
Support aggregated policies during partial evaluation
...
Closes #45324
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-15 15:20:52 +01:00
37ff64446b
Allow hide organization brokers when the user does not map to any organization during login
...
Closes #45422
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-15 15:19:43 +01:00
391593cfa7
Implement asynchronous logging when called from nonblocking threads
...
Closes #45015
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
2026-01-15 09:20:34 -03:00
ab25c8e059
Fix link to OpenTelemetry guide in logging
...
Closes keycloak/keycloak-web#692
Co-authored-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2026-01-15 11:05:21 +01:00
349c722ed9
Update multi-cluster documentation for zero-downtime upgrades
...
Closes #45338
Parts of the Infinispan docs for the in-place update of patch releases rely on ISPN16 behavior.
Signed-off-by: Ryan Emerson <remerson@ibm.com >
2026-01-14 12:35:03 +01:00
198730cd0d
Allow absolute path for cache-config-file ( #45416 )
...
Closes #19374
Signed-off-by: stianst <stianst@gmail.com >
2026-01-14 11:05:50 +00:00
cca5ef44fa
Updating the documentation
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-13 16:42:07 -03:00
c8635f9bf2
ISPN16: Upgrade to Infinispan 16.0.5
...
Closes #45341
- Remove query modules
- Remove unused config file
- Update config file versions
- Update jgroups attributes
- Remove ISPN-16595 workaround
- Call HotRodServer#postStart in HotRodServerRule to start caches as well as the server
- Simplify cluster-ha.xml
- Utilise org.infinispan.commons.util.TimeQuantity in CacheConfiguration
- Cleanup when InfinispanContainer startup fails
- RemoteUserSessionProvider remote query calls must not use negative values for offsets and maxResults
- Remove use of deprecated org.infinispan.server.test.core.InfinispanContainer class
- Use testcontainers-infinispan dependency
- Explicitly utilise "legacy" metrics
- Remove explicit `name-as-tags` configuration as Infinispan 16 defaults to true
- Remove test configuration not required since #31807
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-13 17:26:43 +01:00
23aad2a942
DPoP Guide ( #45274 )
...
Closes #42747
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2026-01-13 11:01:28 +01:00
141bcee4dd
Document that the the HA architectures are tested with Openshift 4.18
...
Closes #45360
Signed-off-by: Ryan Emerson <remerson@ibm.com >
2026-01-13 09:10:28 +01:00
c33d94da65
Allow admins with any admin role to map roles if the constraints apply
...
Closes #44371
Closes #45182
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-12 12:56:30 -03:00
eb77c055f5
Clarify documentation.
...
Signed-off-by: Stan Silvert <ssilvert@redhat.com >
2026-01-12 10:36:10 -03:00
172aa86c6d
Increase the regularly tested load documented in HA guides
...
Closes #45233
Signed-off-by: Ryan Emerson <remerson@ibm.com >
2026-01-12 14:02:51 +01:00
1273c8db0e
DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post
...
closes #44403
Signed-off-by: mposolda <mposolda@gmail.com >
2026-01-12 09:54:04 +01:00
f8b114bdd8
Add indexes to BROKER_LINK table
...
Closes #45009
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-09 16:09:40 +00:00
234526761e
Fix section level in 26.5 migration guide
...
Closes #45184
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
2026-01-07 07:54:06 -03:00
4a2ed7c4e6
Use correct anchor for mdc logging in 26.5.0 release notes
...
Closes #45185
Signed-off-by: Ryan Emerson <remerson@ibm.com >
2026-01-06 17:21:48 +01:00
ffed84194e
Realign source code examples in auth-spi doc
...
closes #43757
Signed-off-by: olympus5 <erwan.iquel@gmail.com >
2026-01-06 12:18:42 +01:00
0d5766f3a8
Allow running scheduled workflows
...
Closes #44865
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-05 13:03:47 -03:00
e43cf55028
Finalizing 26.5 release notes
...
Closes #45131
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Stian Thorgersen <stian@redhat.com >
2026-01-05 14:10:32 +01:00
3c0b308bb7
Document limitations when updating workflows
...
Closes #45134
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2026-01-05 14:10:03 +01:00
a6bf194487
Remove usage of kcSanitize() to avoid printing HTML ( #44755 )
...
Closes #44753
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-05 10:45:32 +01:00
cafa1a86eb
Disable state transfer for session caches when persistent sessions are enabled
...
Closes #44518
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2026-01-05 08:53:59 +00:00
Pedro Ruivo