mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-11 18:41:10 -05:00
Code Issues Packages Projects Releases Wiki Activity
29,619 Commits 34 Branches 304 Tags
13ef89664c92f1235967f856ebffb32ca0180498
Commit Graph

868 Commits

Author SHA1 Message Date
Pedro Ruivo 13ef89664c More accurate user session expiration logic 
Closes #44204

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-19 21:06:17 +01:00
Alexander Schwartz 15a9a36569 Align formatting of referenced RFCs 
Closes #44246

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-11-17 21:30:13 +01:00
Alexander Schwartz 167249dd6c Updating the specifics around kubernetes service accounts 
Closes #44064

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-17 11:23:39 +01:00
Ricardo Martin 20f9bb1570 Fix recaptcha links to the new docs.cloud.google.com site 
Closes #44187

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 09:37:54 +01:00
Chance Coleman b2317dabdc Add configurable HTTP retry mechanism for OCSP validation (#42535) 
Closes #42401


Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
 2025-11-13 13:21:13 +01:00
vramik 748b58bf64 Remove creation of default policy, resource and permission upon enabling authorization for a client 
Closes #43867

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 09:14:56 -03:00
Sebastian Łaskawiec 3288f83dc9 Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator 
Closes #42983

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-13 08:52:46 +01:00
Ricardo Martin de49500393 Client policy to enforce only downscoping in Token Exchange (#44030) 
Closes #43931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 08:48:42 +01:00
Martin Kanis 39e1e40be4 Document missing artifact dependency for UserStoragePrivateUtil 
Closes #43212

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-11-10 10:41:12 -03:00
Martin Bartoš 1f9694358f Ability to enable/disable feature via single property (#43542) 
* Ability to enable/disable feature via single property

Closes #43541

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Provide support for specifying profile preview

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove duplication check, use the new WildcardOptionUtil

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Create quarkus specific single profile config resolver

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove the feature profile capability for single feature option

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-07 13:35:39 +01:00
Stian Thorgersen b278dbbb3d Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
KONSTANTINOS GEORGILAKIS 1c0d4616a5 hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:26:12 +00:00
蔡秀吉 e84a1d6363 Fix typos and formatting in OIDC auth flows documentation 
Closes #43818

Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com>
 2025-11-01 19:14:41 +00:00
Tobi 479859a7a3 Add new indices on offline_client_session 
Closes #43566

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-31 17:49:47 +01:00
Martin Bartoš 8502cc3ae1 Including OTLP headers for tracing (#43122) 
* Including OTLP headers for tracing

Closes #41007

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Polishing, add test for the util class, address review

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove the WildcardOptionsUtil#isKcWildcardOption

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-31 15:46:05 +01:00
Pedro Ruivo e40c5de050 Session cache affinity 
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 21:01:09 +00:00
Alexander Schwartz 0f01444543 Allow only normalized paths in requests (#43765) 
Closes #43763

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-30 14:37:50 +01:00
Pedro Ruivo 6317c02a27 Refactor AuthenticationSessionManager 
Closes #43825

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 12:26:07 +01:00
Marek Posolda 2fc5419676 Avoid using UserCredentialManager from user storage extensions (#43695) 
closes #43694

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-29 16:26:59 +01:00
Alexander Schwartz aadffb94fb Fix typo in LDAP edit mode in the docs 
Closes #43720

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-27 08:42:44 -03:00
Pedro Igor 6527b139dc Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:33 +02:00
Pedro Igor 2b785425fa Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 08:02:05 -03:00
Stian Thorgersen f6ac64907d SPIFFE should support OIDC JWK endpoint (#43651) 
Closes #43650

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-22 15:19:56 +02:00
Stian Thorgersen 84a161d4dd Extract related methods from IdentityProvider to UserIdentityProvider (#43535) 
Closes #43534

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-21 14:27:07 +00:00
Alexander Schwartz 6080f21c64 Adding this as a breaking change plus deprecation 
Closes #43022

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 09:58:33 -03:00
Martin Bartoš 419afce847 Fix anchors in the documentation 
Closes #43084

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-21 12:33:32 +00:00
Pedro Igor c5b560e2d8 Update user profile to allow returning a brief user representation 
Closes #42225

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-21 12:52:31 +02:00
Ronaldo Paulino Jiconda 987ce19b45 Fix OIDC IDP broker basic auth encoding 
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.

Closes #26374
Closes #43022

Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
 2025-10-20 23:48:24 +02:00
Martin Bartoš 37bea126c7 [PERF] Jackson reflection-free serialization/deserialization (#42946) 
* [PERF] Jackson reflection-free serialization/deserialization

Closes #42945

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/configuration-production.adoc

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Docs improvements

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/guides/server/configuration-production.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Polish the features template macros

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-10-17 20:24:47 +02:00
Peter Zaoral 2300b3fc78 Handle canonical hostname checks for localhost on Windows (#42799) 
Closes: #42794

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-10-17 13:40:08 +00:00
Steven Hawkins 736d4920d7 fix: noting db support level changes (#43549) 
closes: #43191

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-10-17 14:01:10 +02:00
Alexander Schwartz 7b8626ead5 Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:58 +02:00
Martin Kanis 3f70da04f6 Final review and update for UPDATE_EMAIL documentation 
Closes #42991

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-16 09:57:23 -03:00
Giuseppe Graziano bda0e2a67c Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-14 15:00:41 +00:00
Steven Hawkins f66359ce19 fix: updating service account docs 
closes: #17268

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-10-14 11:02:20 +02:00
Alexander Schwartz 934ac48a54 Rework formatting for release notes 
Closes #43320

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-10 07:42:53 -03:00
mposolda c2e49c8c59 'Service accounts roles' should be 'Service account roles' 
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 11:25:37 +02:00
Alexander Schwartz 94d428d450 Adding attributes for section links so they work in upstream and downstream 
Closes #43286

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-08 11:37:13 -03:00
Martin Kanis a493213ad4 Hide read-only email attribute in update profile context with update … …email enabled (#43024) 
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 12:52:55 +02:00
Steven Hawkins 7bfc33fd5f fix: auto-defaulting log console color (#42669) 
closes: #42445

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-10-06 17:14:30 +00:00
Martin Bartoš 70a9a600de ExternalLinksTest is broken due to missing path parameters 
Closes #43082

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-02 10:15:58 +02:00
Alexander Schwartz 6b615650ec Moving section to the correct place 
Closes #43104

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-01 09:53:04 +02:00
Alexander Schwartz 37c808bd11 Reorder the release notes (#43026) 
* Reorder the release notes

Closes #42994

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Update docs/documentation/release_notes/topics/26_4_0.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Update docs/documentation/release_notes/topics/26_4_0.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-09-30 06:47:55 +00:00
Pedro Igor a3db07a8f5 Re-adding max age setting to the update email action (#43036) 
Closes #43035

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-30 05:31:23 +02:00
Pedro Ruivo 53007546ad Deprecate AuthenticatedClientSessionModel timestamp 
Closes #42815

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-29 14:16:39 +00:00
Takashi Norimatsu 1649f8c847 Follow-up: FAPI 2.0 Message Signing final version support - updating the link to the final spec 
closes #42499

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-29 08:52:27 +02:00
Stian Thorgersen dbd516f8e6 Refactor SimpleHttp to make it injectable and usable outside server (#42936) 
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-29 08:37:05 +02:00
Václav Muzikář 97ab82e483 Mark Azure SQL as supported (#42985) 
Closes #42743

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-29 08:31:08 +02:00
Martin Bartoš f53e5ebdac [Docs] Additional datasources support (#42655) 
* [Docs] Additional datasources support

Closes #40388

Closes #42263

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Rename namedKey to wildcardKey in the code

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Clarify the defaults for DB kind

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Be more clear about the Named key reference in guide

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Vasek's review

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-09-27 08:45:12 +00:00
Václav Muzikář b65a60e40d Support for EDB 17 (#42341) 
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-09-26 16:04:47 +02:00