mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-07 07:19:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
27,969 Commits 19 Branches 288 Tags
514b1b452b1bb418e7c6169934129dbd31bd87c7
Commit Graph

265 Commits

Author SHA1 Message Date
Pedro Igor
288b6dae12 More information to docs 
Closes #38798

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-10 20:03:05 +02:00
Thomas Darimont
478e0b3264 Make sure that there is single audience allowed by default in JWT tokens sent to client authentication 
closes #38819

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2025-04-10 18:08:10 +02:00
Pedro Igor
87430fc181 Add impersonate-members scope to group resource type 
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-07 14:56:27 +00:00
vramik
6488890585 [FGAP:V2] remove configure scope from Client resource type 
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-07 07:05:02 -03:00
Marek Posolda
f984644d07 Clarify in documentation that legacy token exchange requires FGAP:v1 (#38694) 
closes #38693

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2025-04-07 08:27:56 +02:00
Alexander Schwartz
d69a530d5b Check HTML head for redirects 
Closes #38655

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-04-04 18:40:41 +02:00
vramik
f076b99407 FGAP documentation 
Closes #37245

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-03 09:44:32 -03:00
rmartinc
a10c8119d4 Define a max expiration window for Signed JWT client authentication 
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-02 18:32:54 +02:00
Stian Thorgersen
a18948f731 Reorder items in release notes for 26.2 (#38290) 
Signed-off-by: stianst <stianst@gmail.com>
 2025-03-20 11:52:53 +01:00
Marek Posolda
290905c9cf Documentation for supported token-exchange (#38008) 
closes #37126

Signed-off-by: Marek Posolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-14 09:55:44 +01:00
Steven Hawkins
d9c3511fa5 fix: adding a check if the proxy is trusted prior to using a cert header (#37465) 
closes: #35861

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-03-12 11:21:33 +01:00
Stefan Guilhen
86b2a6a95c Fix docs to also mention roles 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
 2025-03-10 16:13:36 -03:00
Stefan Guilhen
d44ebfd4d1 Document the addition of the Relative User Creation DN 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-03-10 16:13:36 -03:00
Alexander Schwartz
151e019935 Make NetworkPolicy supported and enabled by default 
Closes #36036

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-03-10 11:12:38 +01:00
Alexander Schwartz
b1785ce179 Quote a link that shouldn't be rendered as a link 
This should not be clickable.

Closes #37765

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-03-06 16:50:04 -03:00
Alexander Schwartz
bc7ec1208e Enable the TLS based JGroups encryption by default and update the docs 
Closes #37696

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-03-03 10:50:51 -03:00
Martin Bartoš
6f0ed46404 Upgrade to Quarkus 3.19.0.CR1 (#37492) 
Closes #37436

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-02-24 19:52:01 +01:00
Václav Muzikář
764ca50fc4 Upgrade to Quarkus 3.18.2 (#37300) 
* Upgrade to Quarkus 3.18.2

Closes #37056

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-02-17 16:30:05 +01:00
rmartinc
6850f41060 Force login in reset-credentials to federated users 
Closes #37207

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-02-12 13:47:39 -03:00
Giuseppe Graziano
7896af5827 Remove Node.js adapter documentation (#36573) 
closes #36440

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-01-28 12:23:17 +01:00
vramik
b5c95e9f1c Update index-creation-threshold in migrate_db.adoc 
Closes #36669

Signed-off-by: vramik <vramik@redhat.com>
 2025-01-23 15:45:13 +01:00
Martin Bartoš
af3f6281b8 ExternalLinksTest is broken after Keycloak 26.1.0 release 
Fixes #36486

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-01-15 13:12:55 +01:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-01-15 09:36:19 +01:00
Selvi
db5a8466ad Remove duplicate "the" in documentation (#36329) 
Signed-off-by: Selvi <SelviA@users.noreply.github.com>
 2025-01-09 16:12:30 +01:00
Marek Posolda
4ab34f4816 Updating release notes with core-clients contributions and features (#36066) 
closes #35953

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 10:15:55 +01:00
Jan Verhaeghe
56246096e0 Align on one realm-name placeholder 
Closes #36047

Signed-off-by: Jan Verhaeghe <jan@hwfaq.be>
 2024-12-19 13:48:18 +00:00
Steven Hawkins
cb1d28d043 fix: deprecating the default db value in production mode (#35674) 
closes: #23805



Fix typo in docs, some improvements



adding a negative assertion



Update docs/documentation/upgrading/topics/changes/changes-26_1_0.adoc

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2024-12-13 11:59:55 +01:00
Marek Posolda
0265cb6254 Update upgrading notes with the changes related to core clients (#35860) 
closes #35859

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-13 10:12:37 +01:00
Alexander Schwartz
7c4a5aed77 Restructuring the migration guide (#35724) 
Closes #35487

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-12-10 12:07:32 +01:00
Alexander Schwartz
13e3439246 Upgrading guide 26.0.6 is missing in the upgrading guide (#35545) 
Closes #35544

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-12-03 11:58:32 +01:00
Stefan Guilhen
9861acc2aa UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline) 
Closes #31359

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2024-11-29 12:35:15 -03:00
Giuseppe Graziano
a659c8d1cb Sign AUTH_SESSION_ID cookie (#35297) 
closes #34027

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-11-28 17:28:52 +01:00
Martin Kanis
20770d8aaa Fix upgrading guide about deprecation of getAll() methods in the organization APIs 
Closes #34975

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2024-11-25 10:10:02 +01:00
rmartinc
b0b247f1f1 Passivate imported keys if the associate certificate is expired 
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-25 09:40:59 +01:00
Cornelius Roemer
29abfd3e89 Fix typos in *.md and *.adoc files using codespell interactive mode 
Closes #35256

This PR fixes a bunch of typos in docs files.

I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.

The most widely read file with typos identified is likely the changelog/migration guide.

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
 2024-11-25 08:21:26 +01:00
Cornelius Roemer
e11db03d76 fix(doc): v24 changelog grammar typo "longer" -> "no longer" () 
Closes #35163

The missing "no" makes this really confusing to read

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
 2024-11-22 11:56:48 +01:00
Václav Muzikář
d60cb9aaef fix: prevent inclusion of characters that could lead to FileVault path traversal (#35223) 
Closes: #35215

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
 2024-11-22 10:18:00 +01:00
Marek Posolda
a56378e989 Remove upgrading client libraries from the server documentation (#35101) 
closes #34949

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-11-20 16:14:42 +01:00
michielpeeters
cec081961b Update upgrade guide docs 25.0.0 cache options 
Closes #34987

Signed-off-by: michielpeeters <michielpeeters@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-15 14:27:57 +01:00
Marek Posolda
92d9ac6621 Update KEYCLOAK_SESSION cookie to not have sessionId in plaintext (#34551) 
closes #34026

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-11-11 18:47:18 +01:00
Pedro Ruivo
d7e5319f70 Document network ports for Keycloak clustering 
Also switch the default to jdbc-ping as this  should be a drop-in replacement looking at the networking behavior of udp.

Closes #34658

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-11 13:28:15 +01:00
Pedro Igor
0a05ba49d1 Adding a details map to admin events to store additional contextual data when the event is fired 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-11-07 17:19:43 -03:00
Pedro Ruivo
33cae33ae4 Remove JGroups thread pool docs from HA Guide 
Clustering is disabled with multi-site deployment and there is no
JGroups thread pool to configure.

Closes #34715

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-11-07 09:00:48 +00:00
Ricardo Martin
226daa41c7 Add service account mappers via client scope instead of dedicated scope (#34664) 
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2024-11-07 08:45:11 +01:00
Ricardo Martin
ce454bda47 Remove online session when offline access is requested as the first request (#34346) 
Closes #34001

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>

---------

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-11-06 08:33:12 +01:00
Ryan Emerson
a79b67cac8 Deprecate other transport stacks (ec2, azure, google) 
Closes #34253

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2024-10-31 11:47:13 +01:00
Andy
f994cc54d5 Remove robots.txt entirely 
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.

Closes #17433

Signed-off-by: Andy <andy@slice.is>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-25 12:09:50 +00:00
Ryan Emerson
902abfdae4 JDBC_PING as default discovery protocol 
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-22 20:19:19 +00:00
Pedro Ruivo
fffa9aa72e Enable virtual threads in Infinispan and JGroups by default 
Closes #33939

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-10-21 16:02:28 +00:00
Jon Koops
7657e71be1 Automatically retrieve configuration for authorization 
Closes #14562

Signed-off-by: Jon Koops <jonkoops@gmail.com>
 2024-10-18 14:03:36 +02:00