mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-05 22:39:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,218 Commits 18 Branches 287 Tags
b95cb0c27699fb2466733a0133ebe767cdd91c6f
Commit Graph

288 Commits

Author SHA1 Message Date
Alexander Schwartz
b95cb0c276 Adding explicit anchor for downstream docs 
Closes #42868

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-09-24 11:21:08 +02:00
Marek Posolda
e09ce9e18d Documentation update for DPoP (#42865) 
closes #42728


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-24 10:00:23 +02:00
vramik
23043b40b4 Fix reset-password scope documentation and upgrading guide 
Closes #42790

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-23 07:31:35 -03:00
rmartinc
2015e08e38 Move DPoP option to the capability section in the admin UI 
Closes #42746

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-22 17:27:48 +02:00
stianst
fb83a8ba09 Documentation for federated client authentication 
Closes #42721

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-19 11:54:03 +01:00
Stan Silvert
f99c91291c Remove duplicated themes documentation. (#42571) 
* Remove duplicated themes documentation.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Move Theme SPI documentation to Themes Guide

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix link so test will pass.

Fixes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken links.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken link.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2025-09-18 10:31:52 +02:00
Marek Posolda
d9d19791a4 Clarifying OIDC logout documentation. Removing obsolete unused docs p… (#42636) 
closes #41792


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-09-16 17:37:42 +02:00
Ricardo Martin
a2acdda535 Automatic download and cache of the SAML client public keys (#41947) 
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-09-16 13:07:33 +02:00
Alexander Schwartz
5cfdaebcea Add missing fields for client offline session timeout and lifespan 
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-11 11:46:50 +02:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
Alexander Schwartz
665f4140da Adding missing docs for 26.4 release notes 
Closes #42252

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Vinod Anandan <vinod@owasp.org>
 2025-09-02 17:47:12 -03:00
Tobias Genannt
ca93863d60 fix: Update to new dash standard 
Closes #42270

Signed-off-by: Tobias Genannt <tobias.genannt@gmail.com>
 2025-09-01 12:49:02 +00:00
Alexis Rico
224ccbb79d Make organization domains optional 
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
 2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62 Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
Ricardo Martin
46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Steven Hawkins
b6f039a4cc fix: adding a default for ldap connection timeout (#41726) 
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-19 16:43:42 +00:00
Sebastian Łaskawiec
988bf9cb0b WelcomeResource do not create temporary admins (#41416) 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-18 17:31:26 +02:00
Ricardo Martin
949ef35a3b Allow and control sending UTF-8 emails in the default email sender impl 
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 10:43:38 +00:00
Pedro Igor
3bf46e5421 "linked-accounts" endpoint displays all Identity providers 
Closes #19732

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-14 15:21:03 +02:00
Ricardo Martin
ef312b570c Final changes for passkeys documentation (#41646) 
Closes #41557

Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-08-13 09:01:15 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Alexander Schwartz
c2515bbb88 Fixing typo and formatting 
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-08-11 08:26:10 +02:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session 
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 14:57:47 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Takashi Norimatsu
cb4e06b6f8 FAPI 2.0 Security Profile Final - Documentation 
closes #41121

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-01 09:24:30 +02:00
forkimenjeckayang
43610cfa67 [OID4VCI] Update SD-JWT VCs Format Identifier to dc+sd-jwt (#41233) 
Closes #39293

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-08-01 09:13:35 +02:00
Alexander Schwartz
e1b3afb686 Refresh token for an OAuth2 based IDP when retrieving the IDP token 
Closes #14644

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-31 11:11:34 +02:00
rmartinc
1f608fae6e Create a new condition for credential type and add it to default flows 
Closes #41354

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-31 10:14:15 +02:00
Martin Bartoš
57cb321ce0 ExternalLinks are broken in documentation 
Closes #41491

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 11:21:11 +02:00
rmartinc
e0bba39da0 Allow configure encryption details for SAML clients 
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-18 20:13:40 +02:00
Martin Kanis
85b494ec51 Review and update the documentation regarding the UPDATE EMAIL feature 
Closes #40226

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-17 15:27:09 +00:00
Alexander Schwartz
180745b65f Fix em-dash in SPI options in the docs 
Closes #41152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-16 12:18:09 -03:00
Pedro Igor
87f30a6285 Adding a config to the UPDATE_EMAIL action to force users to verify email 
Closes #32569

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-16 16:21:08 +02:00
mposolda
274afa88fa Add option 'Requires short state parameter' to OIDC IDP 
closes #40237

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-11 16:17:03 +02:00
Pascal Knüppel
f39a37d8d1 [OID4VCI] Move realm attributes to clientScope and protocol-mappers (#39768) 
fixes #39527


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-07-10 14:46:36 +02:00
Pedro Ruivo
9322d71d61 UserSession Offline removed from DB if not in cache 
Fixes #40754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-07 20:52:06 +02:00
Ricardo Martin
8624101701 Documentation changes for Passkeys (#40728) 
Closes #40705

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2025-06-27 14:59:46 +02:00
andymunro
e7b4f745ad Clarify OpenShift instructions (#40488) 
Closes #40487

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-06-20 17:07:48 +02:00
Henrik S.
c952cb66ad Update authentication flows documentation to match new GUI 
Closes #40514

Signed-off-by: Henrik S. <henrik.strath@volvocars.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-16 08:24:43 +00:00
Steven Hawkins
76bc9fadcb fix: adding a -- separator for spi options (#40005) 
* fix: adding a -- separator for spi options

closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a warning for ambiguous spi options

also adding a note about the change

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc

* updating docs to the new format

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
#	docs/guides/high-availability/examples/generated/keycloak.yaml

* internally using the new spi options

also adding a deprecation notice

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* correcting options output

adding + + inlining where needed

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding test showing the env mapping with __

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-13 16:13:53 +02:00
Ricardo Martin
b89f8a0225 Documentation changes for the 2FA additions 
Closes #40001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-12 09:30:27 +02:00
mposolda
b03b9f9e3a Improve documentation of service-accounts and make it more clear. Delete the unused file service-accounts.adoc 
closes #39748

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-06-05 08:45:12 +02:00
Pedro Igor
7cc055f8a6 Verify brokered user email based on the email_verified claim from the ID Token returned by the OP 
Closes #39885

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-29 10:45:18 -03:00
Pedro Igor
e6e6fa60fa Adding OAuth2-based identity broker 
Closes #35266

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-27 12:07:01 -03:00
rmartinc
3c511635ba Skip AIA for webauthn register if a crendential of teh correct type already exists 
Closes #39191

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-20 18:09:12 +02:00
Kai J. Witt
c76bb0683c Make max auth age configurable for all required actions by default 
Moved the current configuration implementation for the update password

Closes #39408

Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-05-15 08:44:38 +02:00
Awambeng
ea4ef74917 Fix doc(oid4vc): Correct realm-attributes example and update HTTP method in docs (#39409) 
Closes #39264

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-05-13 10:09:14 +02:00
rmartinc
4730dbdd8d Make recovery codes supported 
Closes #38994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-29 10:25:46 +02:00
mposolda
e9283ee71d Documentation for recovery codes (deprecation of password policy and required action config) 
closes #39245

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-29 09:29:38 +02:00
Emmanuel Lécharny
a48469896e Added a link to the ApacheDS doc for server side password hashing 
Closes #39136

Signed-off-by: Emmanuel Lécharny <elecharny@gmail.com>
 2025-04-24 09:25:03 +00:00