mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-05 22:39:52 -06:00
Code Issues Packages Projects Releases Wiki Activity
28,815 Commits 18 Branches 287 Tags
c2515bbb88485391d76706fc24ec46afd75ba57a
Commit Graph

267 Commits

Author SHA1 Message Date
Alexander Schwartz
c2515bbb88 Fixing typo and formatting 
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-08-11 08:26:10 +02:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session 
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 14:57:47 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Takashi Norimatsu
cb4e06b6f8 FAPI 2.0 Security Profile Final - Documentation 
closes #41121

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-01 09:24:30 +02:00
forkimenjeckayang
43610cfa67 [OID4VCI] Update SD-JWT VCs Format Identifier to dc+sd-jwt (#41233) 
Closes #39293

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-08-01 09:13:35 +02:00
Alexander Schwartz
e1b3afb686 Refresh token for an OAuth2 based IDP when retrieving the IDP token 
Closes #14644

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-31 11:11:34 +02:00
rmartinc
1f608fae6e Create a new condition for credential type and add it to default flows 
Closes #41354

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-31 10:14:15 +02:00
Martin Bartoš
57cb321ce0 ExternalLinks are broken in documentation 
Closes #41491

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 11:21:11 +02:00
rmartinc
e0bba39da0 Allow configure encryption details for SAML clients 
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-18 20:13:40 +02:00
Martin Kanis
85b494ec51 Review and update the documentation regarding the UPDATE EMAIL feature 
Closes #40226

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-17 15:27:09 +00:00
Alexander Schwartz
180745b65f Fix em-dash in SPI options in the docs 
Closes #41152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-16 12:18:09 -03:00
Pedro Igor
87f30a6285 Adding a config to the UPDATE_EMAIL action to force users to verify email 
Closes #32569

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-16 16:21:08 +02:00
mposolda
274afa88fa Add option 'Requires short state parameter' to OIDC IDP 
closes #40237

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-07-11 16:17:03 +02:00
Pascal Knüppel
f39a37d8d1 [OID4VCI] Move realm attributes to clientScope and protocol-mappers (#39768) 
fixes #39527


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
 2025-07-10 14:46:36 +02:00
Pedro Ruivo
9322d71d61 UserSession Offline removed from DB if not in cache 
Fixes #40754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-07 20:52:06 +02:00
Ricardo Martin
8624101701 Documentation changes for Passkeys (#40728) 
Closes #40705

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2025-06-27 14:59:46 +02:00
andymunro
e7b4f745ad Clarify OpenShift instructions (#40488) 
Closes #40487

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-06-20 17:07:48 +02:00
Henrik S.
c952cb66ad Update authentication flows documentation to match new GUI 
Closes #40514

Signed-off-by: Henrik S. <henrik.strath@volvocars.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-16 08:24:43 +00:00
Steven Hawkins
76bc9fadcb fix: adding a -- separator for spi options (#40005) 
* fix: adding a -- separator for spi options

closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a warning for ambiguous spi options

also adding a note about the change

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc

* updating docs to the new format

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
#	docs/guides/high-availability/examples/generated/keycloak.yaml

* internally using the new spi options

also adding a deprecation notice

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* correcting options output

adding + + inlining where needed

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding test showing the env mapping with __

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-13 16:13:53 +02:00
Ricardo Martin
b89f8a0225 Documentation changes for the 2FA additions 
Closes #40001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-12 09:30:27 +02:00
mposolda
b03b9f9e3a Improve documentation of service-accounts and make it more clear. Delete the unused file service-accounts.adoc 
closes #39748

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-06-05 08:45:12 +02:00
Pedro Igor
7cc055f8a6 Verify brokered user email based on the email_verified claim from the ID Token returned by the OP 
Closes #39885

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-29 10:45:18 -03:00
Pedro Igor
e6e6fa60fa Adding OAuth2-based identity broker 
Closes #35266

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-27 12:07:01 -03:00
rmartinc
3c511635ba Skip AIA for webauthn register if a crendential of teh correct type already exists 
Closes #39191

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-20 18:09:12 +02:00
Kai J. Witt
c76bb0683c Make max auth age configurable for all required actions by default 
Moved the current configuration implementation for the update password

Closes #39408

Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-05-15 08:44:38 +02:00
Awambeng
ea4ef74917 Fix doc(oid4vc): Correct realm-attributes example and update HTTP method in docs (#39409) 
Closes #39264

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-05-13 10:09:14 +02:00
rmartinc
4730dbdd8d Make recovery codes supported 
Closes #38994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-29 10:25:46 +02:00
mposolda
e9283ee71d Documentation for recovery codes (deprecation of password policy and required action config) 
closes #39245

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-29 09:29:38 +02:00
Emmanuel Lécharny
a48469896e Added a link to the ApacheDS doc for server side password hashing 
Closes #39136

Signed-off-by: Emmanuel Lécharny <elecharny@gmail.com>
 2025-04-24 09:25:03 +00:00
Emmanuel Lécharny
1dc97d5d4d Update ldap.adoc with ApacheDS details 
Added some precision about ApacheDS password management.

Closes #39136

Signed-off-by: Emmanuel Lécharny <elecharny@apache.org>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-04-23 07:55:59 +02:00
Marek Posolda
f8a4a8da86 Unexpected AIA Cause Server Errors 
closes #37526

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-17 14:15:07 +00:00
Pedro Igor
1ba8fe16ac Deprecate for removal Instagram Identity Broker (#38998) 
Closes #37967
Closes #36562

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-17 09:07:06 +02:00
Pedro Igor
288b6dae12 More information to docs 
Closes #38798

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-10 20:03:05 +02:00
Pedro Igor
ae88d7921f Improvements to partial evaluation 
Closes #38732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-09 18:15:28 +02:00
Pedro Igor
87430fc181 Add impersonate-members scope to group resource type 
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-07 14:56:27 +00:00
vramik
6488890585 [FGAP:V2] remove configure scope from Client resource type 
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-07 07:05:02 -03:00
Stefan Guilhen
c4c3e2eee6 Allow redirection to idp when user email matches any of the org domains 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Martin Panzer <martin.panzer@active-logistics.com>

Closes #33804
 2025-04-04 11:28:04 -03:00
Vlasta Ramik
18c8308bb4 [FGAP] Remove redundant sentense from fine grained admin permissions docs 
Closes #38677

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-04 09:41:17 +02:00
vramik
f076b99407 FGAP documentation 
Closes #37245

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-03 09:44:32 -03:00
Marek Posolda
6654e56a7c Polish documentation for audience and client scopes (#38484) 
closes #19127

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2025-04-03 08:43:06 +02:00
rmartinc
a10c8119d4 Define a max expiration window for Signed JWT client authentication 
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-02 18:32:54 +02:00
Alexander Schwartz
e7474646ee Explicit target for cross-reference 2FA in server admin guide (#38573) 
Closes #38572

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-04-01 13:29:30 +02:00
mposolda
cd4e5bc784 Release notes for oid4vci docs 
closes #38485

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-03-29 19:25:24 +01:00
Stefan Guilhen
89d659ee36 Add section about support for federated members in the organization documentation 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #38471
 2025-03-27 08:03:35 -03:00
Ricardo Martin
a7e63837db Recovery codes documentation (#38407) 
Closes #30702

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-27 09:59:14 +01:00
Awambeng
27a7a301e7 Add documentation for configuring Keycloak as a VC issuer 
closes #38256

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-03-26 20:50:43 +01:00
Marek Posolda
db23d8e665 Clarify that XOAUTH2 configuration with Microsoft Office365 is community contributed 
Closes #38376

Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-26 15:54:38 +01:00
Sebastian Rose
4fb1c41155 Sending Mails via SMTP and XOAUTH2 authentication mechanism 
Closes #17432

Signed-off-by: Sebastian Rose <sebastian.rose@gmail.com>
 2025-03-21 10:12:18 +01:00
Takashi Norimatsu
eb2153379a DPoP: Refresh token created with DPoP can be refreshed without proof 
closes #36475

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-03-17 12:53:19 +01:00
andymunro
1f6f1571fd update screens for new realm selector 
Closes #37083

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-03-15 10:54:00 +01:00