mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-24 16:18:51 -06:00
Code Issues Packages Projects Releases Wiki Activity
27,405 Commits 24 Branches 291 Tags
822eb4471d68d09bad89d70cc71f33db59932021
Commit Graph

56 Commits

Author SHA1 Message Date
Giuseppe Graziano
bd807ceac3 Select auth flow via acr using client policies (#36441) 
Closes #24297


Co-authored-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-01-23 19:46:07 +01:00
rmartinc
f89be1813d Check next update time for CRL in certificate validation 
Closes #35983

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-01-22 14:58:35 +01:00
rmartinc
17d2dd58ca Add some common headers for the links check in docs 
Closes #36675

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-01-22 12:21:29 +01:00
Stian Thorgersen
bc2665fc2a Re-order items in release notes for 26.1 (#36346) 
* Re-order items in release notes for 26.1

Signed-off-by: stianst <stianst@gmail.com>

* Review (#161)

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-01-14 09:21:04 +00:00
Marek Posolda
4ab34f4816 Updating release notes with core-clients contributions and features (#36066) 
closes #35953

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 10:15:55 +01:00
Marek Posolda
a3fd076960 Adding ConditionalClientScopeAuthenticator (#36020) 
closes #36081 

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 09:53:51 +01:00
Thomas Darimont
3cdbbc5b15 Add support for Initiating User Registration via prompt=create (#10701) (#35903) 
Fixes #10701

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-12-16 19:54:52 +01:00
Ricardo Martin
bbca6116b0 Implement a conditional authenticator to check if a sub-flow was executed or not previously in the process (#35668) 
Closes #35231

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-12-12 11:16:30 +01:00
Alexander Schwartz
b98cd12b58 Changing mis-formatted definition list of hashing algorithms to a table 
Closes #35416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-12-02 15:05:05 -03:00
Cornelius Roemer
29abfd3e89 Fix typos in *.md and *.adoc files using codespell interactive mode 
Closes #35256

This PR fixes a bunch of typos in docs files.

I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.

The most widely read file with typos identified is likely the changelog/migration guide.

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
 2024-11-25 08:21:26 +01:00
AndyMunro
e2d221c4bd Address QE comments on Server Admin Guide 
Closes #34916

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-11-22 10:20:18 +01:00
Ricardo Martin
ca1c10f7ba Use short UUID for ldap components (#34815) 
Closes #32143

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-15 15:15:04 +01:00
Alexander Schwartz
d4991ce56f Fix server guide cross-references for downstream docs 
Closes #31947

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-13 14:51:01 -03:00
rmartinc
942d5d0aa3 Convert chapter planning for securing applications and services to guides 
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-01 16:45:56 +02:00
Giuseppe Graziano
c3019fb2d3 Move oidc documentation to guides (#31627) 
Closes #31329

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-30 09:46:14 +02:00
Pedro Igor
f4b1a5ca88 Updating docs 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-24 15:12:16 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Douglas Palmer
54f4ab50f0 Broken external links 
Closes #30717

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-25 09:55:50 +02:00
CARBONNEAUX Mathieu
acf79b81c7 add RS256 algorithm to webauthn default policy (#30528) 
closes #28020 

Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>
 2024-06-19 10:16:46 +02:00
Marek Posolda
79c8c80058 Example for X.509 direct grant flow authentication (#30203) 
closes #29639

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-06-06 11:58:09 +02:00
Marek Posolda
336b2c875f Update release notes for Keycloak 25 (#29894) 
closes #29576

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-29 14:19:17 +02:00
Marek Posolda
6dc28bc7b5 Clarify the documentation about step-up authentication (#29735) 
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-21 19:46:27 +02:00
mposolda
bbd4b60163 Update documentation after adapters removal 
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-21 09:34:48 +02:00
Takashi Norimatsu
b4e7d9b1aa Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
Dimitri Papadopoulos Orfanos
9db1443367 Fix typos found by codespell in docs (#28890) 
Run `chmod -x` on files that need not be executable.

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 12:41:16 +00:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
Marek Posolda
13daaa55ba Documentation for changes related to 'You are already logged in' scen… (#28595) 
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 08:18:41 +02:00
Stian Thorgersen
c3a98ae387 Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
cae92cbe8c Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
AndyMunro
d61b1ddb09 Edit use of Keycloak in Server Admin Guide 
Closes #27955

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-03-18 09:51:55 +01:00
Stian Thorgersen
81f3f211f3 Delete all deprecated and unmaintained examples (#27855) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-03-15 07:24:20 +01:00
Alexander Schwartz
4b697009d3 Clean up feature IDs in the docs (#27418) 
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-06 12:32:06 +01:00
Takashi Norimatsu
3db04d8d8d Replace Security Key with Passkey in WebAuthn UIs and their documents 
closes #27147

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-29 10:31:05 +01:00
Alexander Schwartz
6de61f61f0 Adding missing explicit IDs for cross-references 
Closes #27316

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-28 08:37:52 +01:00
Takashi Norimatsu
849a920955 Rename Resident key to Discoverable Credential 
closes #9508

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-19 14:12:15 +01:00
Marek Posolda
e2fb8406a3 Fixing the docs about default hashing iterations (#27020) 
closes #26816

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-15 08:11:44 +01:00
Pedro Igor
750bc2c09c Reviewing references to user attribute management and UIs 
Closes #26155

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-12 16:01:34 +01:00
mposolda
7af753e166 Documentation for AIA 
closes #25569

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-12 09:42:34 +01:00
christian-2
e14b523a8d Fixes typo in Server Administration guide (#26543) 
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
 2024-02-01 19:36:32 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification 
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
 2024-01-03 14:59:05 -03:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
AndyMunro
20f5edc708 Addressing Server Admin review comments 
Closes #24643

Signed-off-by: AndyMunro <amunro@redhat.com>
 2023-11-13 15:48:02 +01:00
Takashi Norimatsu
1c8cddf145 passkeys: documentation 
closes #23660
 2023-10-24 14:48:13 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation 
closes #20045
 2023-08-30 13:24:48 +02:00
Alexander Schwartz
08dfdffbfb Fixed updated links for freeipa (#22040) 
Closes #22039
 2023-07-28 07:31:03 +02:00
David Bister
9420670f14 Update regex password policy to state the specific type of regex to be used. 
Closes #21652
 2023-07-14 16:32:37 +02:00
Thomas Darimont
637fa741b0 Align naming of OTP policy window setting with actual semantics (#20469) (#21316) 
Closes #20469
 2023-07-04 12:41:21 +02:00
Joshua Sorah
c28eba6382 Fix failing External Link Checks 
Update URLs that are just redirects to another page.
Point to RFC 7517 for JWK draft docs that were hosted on personal site

Closes keycloak/keycloak#21263
 2023-06-27 20:58:17 +02:00
Daniele Martinoli
d9b271c22a Extends the conditional user attribute authenticator to check the attributes of the joined groups (#20189) 
Closes #20007
 2023-06-19 15:22:35 +02:00