mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-30 11:29:57 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,645 Commits 20 Branches 287 Tags
5ab371f1ff075fb089bc393ead5e5c29765d8287
Commit Graph

312 Commits

Author SHA1 Message Date
Awambeng
8406cf34fb [OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation (#43834) 
Closes #43399


Signed-off-by: Awambeng <awambengrodrick@gmail.com>
 2025-11-24 11:07:07 +01:00
Sebastian Łaskawiec
081d8e5a01 Move Kubernetes IdP to preview 
Closes #42947

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-22 12:56:09 +01:00
Stian Thorgersen
2a78bc67d7 Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325) 
Closes #44253
Closes #42987
Closes #44063

Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-22 12:53:22 +01:00
Pedro Ruivo
13ef89664c More accurate user session expiration logic 
Closes #44204

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-11-19 21:06:17 +01:00
Alexander Schwartz
15a9a36569 Align formatting of referenced RFCs 
Closes #44246

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-11-17 21:30:13 +01:00
Alexander Schwartz
167249dd6c Updating the specifics around kubernetes service accounts 
Closes #44064

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-17 11:23:39 +01:00
Ricardo Martin
20f9bb1570 Fix recaptcha links to the new docs.cloud.google.com site 
Closes #44187

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-14 09:37:54 +01:00
Chance Coleman
b2317dabdc Add configurable HTTP retry mechanism for OCSP validation (#42535) 
Closes #42401


Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
 2025-11-13 13:21:13 +01:00
Sebastian Łaskawiec
3288f83dc9 Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator 
Closes #42983

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-13 08:52:46 +01:00
Ricardo Martin
de49500393 Client policy to enforce only downscoping in Token Exchange (#44030) 
Closes #43931

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 08:48:42 +01:00
KONSTANTINOS GEORGILAKIS
1c0d4616a5 hide scopes from scopes_supported in discovery endpoint 
Closes #10388

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-11-03 16:26:12 +00:00
蔡秀吉
e84a1d6363 Fix typos and formatting in OIDC auth flows documentation 
Closes #43818

Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com>
 2025-11-01 19:14:41 +00:00
Alexander Schwartz
aadffb94fb Fix typo in LDAP edit mode in the docs 
Closes #43720

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-27 08:42:44 -03:00
Pedro Igor
6527b139dc Do not lower-case username and email if users are not imported from LDAP 
Closes #43621

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 13:02:33 +02:00
Pedro Igor
2b785425fa Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 08:02:05 -03:00
Stian Thorgersen
f6ac64907d SPIFFE should support OIDC JWK endpoint (#43651) 
Closes #43650

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-22 15:19:56 +02:00
Alexander Schwartz
7b8626ead5 Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:58 +02:00
Martin Kanis
3f70da04f6 Final review and update for UPDATE_EMAIL documentation 
Closes #42991

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-10-16 09:57:23 -03:00
Giuseppe Graziano
bda0e2a67c Invalidate sessions created with remember me when remember me is disabled for realm 
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-14 15:00:41 +00:00
mposolda
c2e49c8c59 'Service accounts roles' should be 'Service account roles' 
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-10-10 11:25:37 +02:00
Martin Kanis
a493213ad4 Hide read-only email attribute in update profile context with update … …email enabled (#43024) 
* Hide read-only email attribute in update profile context with update email enabled

Closes #42990

Signed-off-by: Martin Kanis <mkanis@redhat.com>

* Simplifying conditions when checking read/write on email attribute and more tests

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

---------

Signed-off-by: Martin Kanis <mkanis@redhat.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-07 12:52:55 +02:00
Pedro Igor
a3db07a8f5 Re-adding max age setting to the update email action (#43036) 
Closes #43035

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-30 05:31:23 +02:00
Vinod Anandan
f001b9dde1 Trigger Build. 
Signed-off-by: Vinod Anandan <vinod@owasp.org>
 2025-09-25 10:14:15 +02:00
mposolda
389314a65e Typo in the latest documentation 
closes #42918

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-24 17:23:52 +02:00
Alexander Schwartz
b95cb0c276 Adding explicit anchor for downstream docs 
Closes #42868

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-24 11:21:08 +02:00
Marek Posolda
e09ce9e18d Documentation update for DPoP (#42865) 
closes #42728


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-24 10:00:23 +02:00
vramik
23043b40b4 Fix reset-password scope documentation and upgrading guide 
Closes #42790

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-23 07:31:35 -03:00
rmartinc
2015e08e38 Move DPoP option to the capability section in the admin UI 
Closes #42746

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 17:27:48 +02:00
stianst
fb83a8ba09 Documentation for federated client authentication 
Closes #42721

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-19 11:54:03 +01:00
Stan Silvert
f99c91291c Remove duplicated themes documentation. (#42571) 
* Remove duplicated themes documentation.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Move Theme SPI documentation to Themes Guide

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix link so test will pass.

Fixes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken links.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken link.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-18 10:31:52 +02:00
Marek Posolda
d9d19791a4 Clarifying OIDC logout documentation. Removing obsolete unused docs p… (#42636) 
closes #41792


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-16 17:37:42 +02:00
Ricardo Martin
a2acdda535 Automatic download and cache of the SAML client public keys (#41947) 
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-16 13:07:33 +02:00
Alexander Schwartz
5cfdaebcea Add missing fields for client offline session timeout and lifespan 
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 11:46:50 +02:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
Alexander Schwartz
665f4140da Adding missing docs for 26.4 release notes 
Closes #42252

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Vinod Anandan <vinod@owasp.org>
 2025-09-02 17:47:12 -03:00
Tobias Genannt
ca93863d60 fix: Update to new dash standard 
Closes #42270

Signed-off-by: Tobias Genannt <tobias.genannt@gmail.com>
 2025-09-01 12:49:02 +00:00
Alexis Rico
224ccbb79d Make organization domains optional 
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
 2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62 Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
Ricardo Martin
46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Steven Hawkins
b6f039a4cc fix: adding a default for ldap connection timeout (#41726) 
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-19 16:43:42 +00:00
Sebastian Łaskawiec
988bf9cb0b WelcomeResource do not create temporary admins (#41416) 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-18 17:31:26 +02:00
Ricardo Martin
949ef35a3b Allow and control sending UTF-8 emails in the default email sender impl 
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 10:43:38 +00:00
Pedro Igor
3bf46e5421 "linked-accounts" endpoint displays all Identity providers 
Closes #19732

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-14 15:21:03 +02:00
Ricardo Martin
ef312b570c Final changes for passkeys documentation (#41646) 
Closes #41557

Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-08-13 09:01:15 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Alexander Schwartz
c2515bbb88 Fixing typo and formatting 
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-08-11 08:26:10 +02:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session 
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 14:57:47 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Takashi Norimatsu
cb4e06b6f8 FAPI 2.0 Security Profile Final - Documentation 
closes #41121

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-01 09:24:30 +02:00
forkimenjeckayang
43610cfa67 [OID4VCI] Update SD-JWT VCs Format Identifier to dc+sd-jwt (#41233) 
Closes #39293

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-08-01 09:13:35 +02:00