keycloak

mirror of https://github.com/keycloak/keycloak.git synced 2025-12-30 11:29:57 -06:00

Author	SHA1	Message	Date
Pedro Igor	6527b139dc	Do not lower-case username and email if users are not imported from LDAP Closes #43621 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-23 13:02:33 +02:00
Pedro Igor	2b785425fa	Allow managing realm admin roles if the the realm-admin role is granted Closes #43579 Closes #43578 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>	2025-10-23 08:02:05 -03:00
Stian Thorgersen	f6ac64907d	SPIFFE should support OIDC JWK endpoint (#43651 ) Closes #43650 Signed-off-by: stianst <stianst@gmail.com>	2025-10-22 15:19:56 +02:00
Stian Thorgersen	84a161d4dd	Extract related methods from IdentityProvider to UserIdentityProvider (#43535 ) Closes #43534 Signed-off-by: stianst <stianst@gmail.com>	2025-10-21 14:27:07 +00:00
Alexander Schwartz	6080f21c64	Adding this as a breaking change plus deprecation Closes #43022 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-21 09:58:33 -03:00
Steven Hawkins	4443834d06	fix: refines how defaults are shown closes: #43421 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-10-21 14:35:55 +02:00
Martin Bartoš	419afce847	Fix anchors in the documentation Closes #43084 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-21 12:33:32 +00:00
Pedro Igor	c5b560e2d8	Update user profile to allow returning a brief user representation Closes #42225 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-21 12:52:31 +02:00
Ronaldo Paulino Jiconda	987ce19b45	Fix OIDC IDP broker basic auth encoding Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters. Closes #26374 Closes #43022 Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>	2025-10-20 23:48:24 +02:00
Martin Bartoš	37bea126c7	[PERF] Jackson reflection-free serialization/deserialization (#42946 ) * [PERF] Jackson reflection-free serialization/deserialization Closes #42945 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/configuration-production.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Docs improvements Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/configuration-production.adoc Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Polish the features template macros Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-10-17 20:24:47 +02:00
Martin Bartoš	b807a45091	Divide logging guide to sub-guides for every log handler (#43132 ) * Divide logging guide to sub-guides for every log handler Closes #43125 Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Ability to set level offset to guides, remove emojis Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Add all relevant options to the logging guide Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/file.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/syslog.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/syslog.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/syslog.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/syslog.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/console.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Update docs/guides/server/logging/console.adoc Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Improve link to other section Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>	2025-10-17 16:37:48 +02:00
Peter Zaoral	2300b3fc78	Handle canonical hostname checks for localhost on Windows (#42799 ) Closes: #42794 Signed-off-by: Peter Zaoral <pepo48@gmail.com>	2025-10-17 13:40:08 +00:00
Steven Hawkins	736d4920d7	fix: noting db support level changes (#43549 ) closes: #43191 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-10-17 14:01:10 +02:00
Alexander Schwartz	7b8626ead5	Make intra-document links work in downstream Closes #43544 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-17 10:52:58 +02:00
Martin Kanis	3f70da04f6	Final review and update for UPDATE_EMAIL documentation Closes #42991 Signed-off-by: Martin Kanis <mkanis@redhat.com>	2025-10-16 09:57:23 -03:00
Steven Hawkins	43ee41e8a8	fix: refining activation condition error handling (#43197 ) closes: #43096 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-10-15 11:44:39 +00:00
Alexander Schwartz	3b8bcd3f8a	Use quoted values for boolean and number values in Operator examples Closes #43459 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-14 18:53:00 +02:00
Giuseppe Graziano	bda0e2a67c	Invalidate sessions created with remember me when remember me is disabled for realm Closes #43328 Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>	2025-10-14 15:00:41 +00:00
Steven Hawkins	700b86fad8	fix: refining https-protocols documentation (#43420 ) closes: #43164 Signed-off-by: Steve Hawkins <shawkins@redhat.com>	2025-10-14 08:01:08 -04:00
Steven Hawkins	f66359ce19	fix: updating service account docs closes: #17268 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-10-14 11:02:20 +02:00
rmartinc	248d6d1feb	Upgrade xmlsec to 3.0.4 and remove KeycloakFipsSecurityProvider workaround Closes #43263 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-10-13 15:38:58 +02:00
Robin Meese	ca368706cc	Update translation.md docs (#43402 ) Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>	2025-10-13 13:26:23 +02:00
Alexander Schwartz	934ac48a54	Rework formatting for release notes Closes #43320 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-10 07:42:53 -03:00
mposolda	c2e49c8c59	'Service accounts roles' should be 'Service account roles' closes #43087 Signed-off-by: mposolda <mposolda@gmail.com>	2025-10-10 11:25:37 +02:00
Pedro Ruivo	48f1978531	Update docs to include PostgreSQL SSL certificate Closes #43311 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-10-09 15:02:53 +02:00
Alexander Schwartz	94d428d450	Adding attributes for section links so they work in upstream and downstream Closes #43286 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-08 11:37:13 -03:00
rmartinc	94a4e062f7	Add a debug statement when the KeycloakFipsSecurityProvider is created Closes #43015 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-10-07 16:59:22 +02:00
Martin Kanis	a493213ad4	Hide read-only email attribute in update profile context with update … …email enabled (#43024 ) * Hide read-only email attribute in update profile context with update email enabled Closes #42990 Signed-off-by: Martin Kanis <mkanis@redhat.com> * Simplifying conditions when checking read/write on email attribute and more tests Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> --------- Signed-off-by: Martin Kanis <mkanis@redhat.com> Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-10-07 12:52:55 +02:00
Steven Hawkins	7bfc33fd5f	fix: auto-defaulting log console color (#42669 ) closes: #42445 Signed-off-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Martin Bartoš <mabartos@redhat.com>	2025-10-06 17:14:30 +00:00
Ryan Emerson	5cb0562fd2	Prevent users configuring max-count=-1 for caches with a default upper-bound Closes #33146 Signed-off-by: Ryan Emerson <remerson@ibm.com>	2025-10-02 19:58:28 +00:00
Pedro Ruivo	c1f108297e	Update Grafana dashboard version Closes #43148 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-10-02 10:18:35 +02:00
Martin Bartoš	70a9a600de	ExternalLinksTest is broken due to missing path parameters Closes #43082 Signed-off-by: Martin Bartoš <mabartos@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-02 10:15:58 +02:00
Alexander Schwartz	6b615650ec	Moving section to the correct place Closes #43104 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-10-01 09:53:04 +02:00
Václav Muzikář	367fbdb78f	Remove a link to Docker web from the docs Closes #43072 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2025-09-30 11:35:15 +00:00
Alexander Schwartz	37c808bd11	Reorder the release notes (#43026 ) * Reorder the release notes Closes #42994 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> * Update docs/documentation/release_notes/topics/26_4_0.adoc Co-authored-by: Stian Thorgersen <stian@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> * Update docs/documentation/release_notes/topics/26_4_0.adoc Co-authored-by: Stian Thorgersen <stian@redhat.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> * Review Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> * Review Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> * Review Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> * Review Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> * Review Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> * Review Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> --------- Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net> Co-authored-by: Stian Thorgersen <stian@redhat.com>	2025-09-30 06:47:55 +00:00
Pedro Igor	a3db07a8f5	Re-adding max age setting to the update email action (#43036 ) Closes #43035 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>	2025-09-30 05:31:23 +02:00
Alexander Schwartz	7bcf08fa31	Adding AWS reference to the documentation Closes #43032 Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-09-29 22:28:53 +02:00
Vít Zikmund	896f147075	docs: Use BASH TCP redirect for HEALTHCHECK (#38131 ) * docs: Use BASH TCP redirect for HEALTHCHECK Add a BASH script to perform an in-container healtcheck. For the curious, here's how this works: 1. For the code within braces, a TCP connection is made to the keycloak's management port and a successful connection is redirected in the read-write fashion to the descriptor 0 (stdin). - When bash fails to connect (TCP RST), it ends up with an error right away. - When the connection is hanging (no reply till TCP retry timeout, usually about 1 minute), it just hangs, virtually being a subject to the HEALTHCHECK's timeout (which should be definitely smaller than the usual TCP retry timeout). 2. Then a simple hand-crafted HTTP HEAD request is sent to the socket using printf. This is supposed to always succeed, unless the send buffer of the socket is set ridiculously small on the target OS. In the other case it will just hang again, not being able to push all the bytes through, until that eventually happens or times out. 3. Next, the eventual response is being checked with grep to be the successful one. Only at this time it's return code (and the final) is 0. - When no response comes, it's hanging forever and is subject to timeout. - When a 503 response comes, grep doesn't match anything and returns 1. Closes: #38126 Signed-off-by: Vit Zikmund <vit.zikmund@themama.ai> * expanding bash healthcheck for scenarios that enable http health checks Signed-off-by: Steve Hawkins <shawkins@redhat.com> * Update docs/guides/observability/health.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Update docs/guides/observability/health.adoc Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net> Signed-off-by: Steven Hawkins <shawkins@redhat.com> * Update docs/guides/observability/health.adoc Signed-off-by: Steven Hawkins <shawkins@redhat.com> --------- Signed-off-by: Vit Zikmund <vit.zikmund@themama.ai> Signed-off-by: Steve Hawkins <shawkins@redhat.com> Signed-off-by: Steven Hawkins <shawkins@redhat.com> Co-authored-by: Steve Hawkins <shawkins@redhat.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>	2025-09-29 18:04:02 +02:00
Pedro Ruivo	53007546ad	Deprecate AuthenticatedClientSessionModel timestamp Closes #42815 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-09-29 14:16:39 +00:00
rmartinc	a44758d4ae	Upgrade bc-fips testing and documentation to 2.1.2 Closes #42958 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-29 09:04:43 +02:00
Takashi Norimatsu	1649f8c847	Follow-up: FAPI 2.0 Message Signing final version support - updating the link to the final spec closes #42499 Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>	2025-09-29 08:52:27 +02:00
Stian Thorgersen	dbd516f8e6	Refactor SimpleHttp to make it injectable and usable outside server (#42936 ) Closes #42902 Signed-off-by: stianst <stianst@gmail.com>	2025-09-29 08:37:05 +02:00
Václav Muzikář	97ab82e483	Mark Azure SQL as supported (#42985 ) Closes #42743 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2025-09-29 08:31:08 +02:00
Martin Bartoš	f53e5ebdac	[Docs] Additional datasources support (#42655 ) * [Docs] Additional datasources support Closes #40388 Closes #42263 Co-authored-by: Václav Muzikář <vaclav@muzikari.cz> Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Rename namedKey to wildcardKey in the code Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Clarify the defaults for DB kind Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Be more clear about the Named key reference in guide Signed-off-by: Martin Bartoš <mabartos@redhat.com> * Vasek's review Signed-off-by: Martin Bartoš <mabartos@redhat.com> --------- Signed-off-by: Martin Bartoš <mabartos@redhat.com> Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>	2025-09-27 08:45:12 +00:00
Václav Muzikář	b65a60e40d	Support for EDB 17 (#42341 ) Closes #42742 Closes #42293 Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>	2025-09-26 16:04:47 +02:00
Pedro Ruivo	746a8211ff	Update documentation to prefer CacheCR in multi-site Closes #42980 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>	2025-09-26 11:06:28 +00:00
Pedro Ruivo	56c1823082	Document Caffeine cache metrics Closes #42705 Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com> Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>	2025-09-25 12:55:31 +02:00
Vinod Anandan	f001b9dde1	Trigger Build. Signed-off-by: Vinod Anandan <vinod@owasp.org>	2025-09-25 10:14:15 +02:00
mposolda	389314a65e	Typo in the latest documentation closes #42918 Signed-off-by: mposolda <mposolda@gmail.com>	2025-09-24 17:23:52 +02:00
rmartinc	1d28c0cd35	Expose system-info information in the serverinfo endpoint only for users in the admin realm Closes #42828 Signed-off-by: rmartinc <rmartinc@redhat.com>	2025-09-24 17:21:57 +02:00

1 2 3 4 5 ...

1427 Commits