mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-04 22:21:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
29,014 Commits 33 Branches 304 Tags
d225bce21f62fbbc95f7535d95f00a1923069716
Commit Graph

331 Commits

Author SHA1 Message Date
Bagautdino d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
Pedro Ruivo 935caa97ea Disable peristent user session batching 
Closes #41662

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-01 14:33:21 +00:00
Sebastian Łaskawiec 4c0f071d45 Upgrade Prep doc polishing 
Closes #41898

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-21 13:19:59 +02:00
Ricardo Martin 46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Steven Hawkins b6f039a4cc fix: adding a default for ldap connection timeout (#41726) 
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-19 16:43:42 +00:00
Sebastian Łaskawiec 988bf9cb0b WelcomeResource do not create temporary admins (#41416) 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-18 17:31:26 +02:00
Ryan Emerson 168d9cc090 Simplify Cache Configuration file by removing built-in cache configurations 
Closes #41559

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 16:16:56 +00:00
Ricardo Martin 949ef35a3b Allow and control sending UTF-8 emails in the default email sender impl 
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 10:43:38 +00:00
Moshie Samuel 6958f57f0a add configurable cooldown for email resend in VerifyEmail 
Closes #41331

Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com>
Signed-off-by: moshiem <moshiem@hardcorebiometric.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: moshiem <moshiem@hardcorebiometric.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:31:00 +02:00
Alexander Schwartz 7629b7dc53 Show required fields when configuring protocol mappers 
Closes #40619

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:28:45 +02:00
Dmytro Filipenko bd5818c4c8 Add HTML5 attributes to prevent password manager interference with OTP 
* Closes #41831

Signed-off-by: dmfilipenko <wind.fd@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 07:45:53 +00:00
Peter Skopek 651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Ryan Emerson a2fe32617c Default to stretched clusters on Kubernetes when possible 
Closes #41666

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-08 08:09:04 +02:00
mposolda 3cc8808465 Wrap deprecated passkeys authenticator behind the feature 
closes #40696

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-08-01 16:48:57 +02:00
Alexander Schwartz e1b3afb686 Refresh token for an OAuth2 based IDP when retrieving the IDP token 
Closes #14644

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-31 11:11:34 +02:00
Oliver 27cd19e68e add index for user_id and type on event_entity 
Closes #26995

Signed-off-by: Oliver Cremerius <antikalk@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-30 20:52:48 +00:00
Martin Bartoš 57cb321ce0 ExternalLinks are broken in documentation 
Closes #41491

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 11:21:11 +02:00
秉虎 d2e9b09ebc Migrate to zh-Hant / zh-Hans for Chinese language 
Closes: #41239

Signed-off-by: 秉虎 <s96016641@gmail.com>
Signed-off-by: Allen <s96016641@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-28 11:47:55 +02:00
Alexander Schwartz 7fd3380b19 OpenTelemetry Tracing: Visualize JGroups communication (#39659) 
Closes #39658

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-22 11:51:58 +02:00
rmartinc e0bba39da0 Allow configure encryption details for SAML clients 
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-18 20:13:40 +02:00
Martin Kanis 85b494ec51 Review and update the documentation regarding the UPDATE EMAIL feature 
Closes #40226

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-07-17 15:27:09 +00:00
Alexander Schwartz 180745b65f Fix em-dash in SPI options in the docs 
Closes #41152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-16 12:18:09 -03:00
Pedro Ruivo 9322d71d61 UserSession Offline removed from DB if not in cache 
Fixes #40754

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-07-07 20:52:06 +02:00
Alexis Rico c834e7473c Fix typo in consent scope) 
* Deprecate `displayTest`

Closes #40786

Signed-off-by: Alexis Rico <sferadev@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-07 16:38:47 +00:00
Ryan Emerson eb7ce6ae15 Provide CLI Parameters for jgroups.* options 
Closes #40481

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-07-07 13:07:45 +02:00
Alexander Schwartz 05d0c34681 Automatically connect to a writer instance of PostgreSQL (#40384) 
Closes #40383

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-04 16:46:49 +02:00
Michael-AT-Corporation ff9e7c2371 Added new searchByAttributes function to UsersResource with the exact parameter 
Closes #39609

Signed-off-by: Michael-AT-Corporation <michael-hu@ooutlook.de>
 2025-07-03 13:51:46 -03:00
Martin Bartoš b8ce83772b Mark options for additional datasources as preview (#40839) 
* Mark options for additional datasources as preview

Closes #40838

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-26_3_1.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-07-02 10:46:45 +00:00
Pedro Igor 2a9f4336c3 Updating upgrading guide about changes in user-profile-commons.ftl template 
Closes #39562

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-07-01 13:11:23 +02:00
Ricardo Martin 8624101701 Documentation changes for Passkeys (#40728) 
Closes #40705

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2025-06-27 14:59:46 +02:00
Alexander Schwartz 7e2a38ae4c Move section in the upgrading guide 
Closes #39063

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-27 13:25:25 +02:00
Martin Bartoš d475c5aecc Missing Quarkus flag for Syslog counting framing (#40621) 
* Missing Quarkus flag for Syslog counting framing

Closes #39893

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Remove handling of mapFrom

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add notable change

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-25 17:36:41 +02:00
Steven Hawkins a50d15be05 fix: refining breaking behavior (#40697) 
closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-06-25 17:28:00 +02:00
rmartinc 86f0a7864f Disable email verification when email manually changed by idp review 
Closes #40446

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-25 08:56:03 +02:00
Pedro Ruivo f4d5fa68c1 Update documentation about volatile sessions 
Closes #40639

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-20 16:45:22 +00:00
Alexander Schwartz c4eafcf2ae Rework AsciiDoc warnings 
Closes #40445

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-06-18 14:57:39 +02:00
Alexander Schwartz 872a56f237 Reworking the release notes for the upcoming release 
Closes #40547
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
 2025-06-18 10:45:31 +02:00
Alexander Schwartz 61586ff328 Disabling persistent sessions affects also offline session cache 
Closes #40483

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-17 08:02:28 +00:00
Ryan Emerson 78f575b53b Default to num_owners=2 when the persistent-user-sessions feature is disabled 
Closes #39429
Closes #40472

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-06-16 09:43:39 +02:00
Steven Hawkins 76bc9fadcb fix: adding a -- separator for spi options (#40005) 
* fix: adding a -- separator for spi options

closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a warning for ambiguous spi options

also adding a note about the change

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc

* updating docs to the new format

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
#	docs/guides/high-availability/examples/generated/keycloak.yaml

* internally using the new spi options

also adding a deprecation notice

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* correcting options output

adding + + inlining where needed

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding test showing the env mapping with __

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-13 16:13:53 +02:00
Martin Bartoš 21bd46cb18 Add templates for release notes and migration guide 
Closes #40441

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-12 11:38:06 +02:00
Alexander Schwartz 0b3950529e Re-sort the release notes and upgrading guide (#40424) 
Closes #40422

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2025-06-12 10:25:42 +02:00
Ricardo Martin b89f8a0225 Documentation changes for the 2FA additions 
Closes #40001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-12 09:30:27 +02:00
Ryan Emerson 0c62bd0878 Change discovery in Kubernetes to jdbc-ping 
Closes #39544

Signed-off-by: Ryan Emerson <remerson@redhat.com>
 2025-06-05 16:48:30 +02:00
rmartinc abd7f88526 Make the checkbox "Sign out from other devices" unchecked by default 
Closes #39975

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-04 14:11:29 +02:00
Alexander Schwartz 2b2d7bbcbe Updated documentation to handle the conf folder on upgrades (#40175) 
Closes #40046
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-03 16:14:11 +02:00
Pedro Igor 7cc055f8a6 Verify brokered user email based on the email_verified claim from the ID Token returned by the OP 
Closes #39885

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-29 10:45:18 -03:00
Pedro Igor b22b1f298c Adding parameter to control whether the count of subgroups of subgroups should be returned 
Closes #39668

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-05-22 11:15:38 -03:00
Kai J. Witt c76bb0683c Make max auth age configurable for all required actions by default 
Moved the current configuration implementation for the update password

Closes #39408

Signed-off-by: Kai Josef Witt <KWitt@vhv.de>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Kai Josef Witt <KWitt@vhv.de>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-05-15 08:44:38 +02:00
Douglas Palmer 64cb66f451 Inconsistency in User enabled status in Rest query results. 
Closes #39549 #28713

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2025-05-14 20:10:14 +02:00