upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-04-10 11:36:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 15
30289 commits 28 branches 303 tags 892 MiB
Commit graph

75 commits

Author SHA1 Message Date
Ricardo Martin
2bd386842a
Step up authentication for saml - preview (#44185) 
Closes #10155


Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-02-23 19:57:00 +01:00
Alexander Schwartz
15a9a36569
Align formatting of referenced RFCs 
Closes #44246

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2025-11-17 21:30:13 +01:00
Chance Coleman
b2317dabdc
Add configurable HTTP retry mechanism for OCSP validation (#42535) 
Closes #42401


Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
 2025-11-13 13:21:13 +01:00
Alexander Schwartz
7b8626ead5
Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:58 +02:00
Niko Köbler
236d2f9f62
Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
Ricardo Martin
ef312b570c
Final changes for passkeys documentation (#41646) 
Closes #41557

Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-08-13 09:01:15 +02:00
rmartinc
1f608fae6e Create a new condition for credential type and add it to default flows 
Closes #41354

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-07-31 10:14:15 +02:00
Martin Bartoš
57cb321ce0 ExternalLinks are broken in documentation 
Closes #41491

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-07-30 11:21:11 +02:00
Alexander Schwartz
180745b65f
Fix em-dash in SPI options in the docs 
Closes #41152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
 2025-07-16 12:18:09 -03:00
Ricardo Martin
8624101701
Documentation changes for Passkeys (#40728) 
Closes #40705

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
 2025-06-27 14:59:46 +02:00
Henrik S.
c952cb66ad
Update authentication flows documentation to match new GUI 
Closes #40514

Signed-off-by: Henrik S. <henrik.strath@volvocars.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-06-16 08:24:43 +00:00
Steven Hawkins
76bc9fadcb
fix: adding a -- separator for spi options (#40005) 
* fix: adding a -- separator for spi options

closes: #39063

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding a warning for ambiguous spi options

also adding a note about the change

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc

* updating docs to the new format

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
# Conflicts:
#	docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
#	docs/guides/high-availability/examples/generated/keycloak.yaml

* internally using the new spi options

also adding a deprecation notice

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* correcting options output

adding + + inlining where needed

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* adding test showing the env mapping with __

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-06-13 16:13:53 +02:00
Ricardo Martin
b89f8a0225
Documentation changes for the 2FA additions 
Closes #40001

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-06-12 09:30:27 +02:00
rmartinc
3c511635ba Skip AIA for webauthn register if a crendential of teh correct type already exists 
Closes #39191

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-05-20 18:09:12 +02:00
rmartinc
4730dbdd8d Make recovery codes supported 
Closes #38994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-04-29 10:25:46 +02:00
mposolda
e9283ee71d Documentation for recovery codes (deprecation of password policy and required action config) 
closes #39245

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-29 09:29:38 +02:00
Alexander Schwartz
e7474646ee
Explicit target for cross-reference 2FA in server admin guide (#38573) 
Closes #38572

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-04-01 13:29:30 +02:00
Ricardo Martin
a7e63837db
Recovery codes documentation (#38407) 
Closes #30702

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-27 09:59:14 +01:00
andymunro
1f6f1571fd
update screens for new realm selector 
Closes #37083

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-03-15 10:54:00 +01:00
Giuseppe Graziano
bd807ceac3
Select auth flow via acr using client policies (#36441) 
Closes #24297


Co-authored-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-01-23 19:46:07 +01:00
rmartinc
f89be1813d Check next update time for CRL in certificate validation 
Closes #35983

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-01-22 14:58:35 +01:00
rmartinc
17d2dd58ca Add some common headers for the links check in docs 
Closes #36675

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-01-22 12:21:29 +01:00
Stian Thorgersen
bc2665fc2a
Re-order items in release notes for 26.1 (#36346) 
* Re-order items in release notes for 26.1

Signed-off-by: stianst <stianst@gmail.com>

* Review (#161)

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-01-14 09:21:04 +00:00
Marek Posolda
4ab34f4816
Updating release notes with core-clients contributions and features (#36066) 
closes #35953

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 10:15:55 +01:00
Marek Posolda
a3fd076960
Adding ConditionalClientScopeAuthenticator (#36020) 
closes #36081 

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 09:53:51 +01:00
Thomas Darimont
3cdbbc5b15
Add support for Initiating User Registration via prompt=create (#10701) (#35903) 
Fixes #10701

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-12-16 19:54:52 +01:00
Ricardo Martin
bbca6116b0
Implement a conditional authenticator to check if a sub-flow was executed or not previously in the process (#35668) 
Closes #35231

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-12-12 11:16:30 +01:00
Alexander Schwartz
b98cd12b58 Changing mis-formatted definition list of hashing algorithms to a table 
Closes #35416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-12-02 15:05:05 -03:00
Cornelius Roemer
29abfd3e89 Fix typos in *.md and *.adoc files using codespell interactive mode 
Closes #35256

This PR fixes a bunch of typos in docs files.

I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.

The most widely read file with typos identified is likely the changelog/migration guide.

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
 2024-11-25 08:21:26 +01:00
AndyMunro
e2d221c4bd Address QE comments on Server Admin Guide 
Closes #34916

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-11-22 10:20:18 +01:00
Ricardo Martin
ca1c10f7ba
Use short UUID for ldap components (#34815) 
Closes #32143

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-15 15:15:04 +01:00
Alexander Schwartz
d4991ce56f Fix server guide cross-references for downstream docs 
Closes #31947

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-13 14:51:01 -03:00
rmartinc
942d5d0aa3 Convert chapter planning for securing applications and services to guides 
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-01 16:45:56 +02:00
Giuseppe Graziano
c3019fb2d3
Move oidc documentation to guides (#31627) 
Closes #31329

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-30 09:46:14 +02:00
Pedro Igor
f4b1a5ca88 Updating docs 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-24 15:12:16 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Douglas Palmer
54f4ab50f0 Broken external links 
Closes #30717

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-25 09:55:50 +02:00
CARBONNEAUX Mathieu
acf79b81c7
add RS256 algorithm to webauthn default policy (#30528) 
closes #28020 

Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>
 2024-06-19 10:16:46 +02:00
Marek Posolda
79c8c80058
Example for X.509 direct grant flow authentication (#30203) 
closes #29639

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-06-06 11:58:09 +02:00
Marek Posolda
336b2c875f
Update release notes for Keycloak 25 (#29894) 
closes #29576

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-29 14:19:17 +02:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication (#29735) 
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-21 19:46:27 +02:00
mposolda
bbd4b60163 Update documentation after adapters removal 
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-21 09:34:48 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
Dimitri Papadopoulos Orfanos
9db1443367
Fix typos found by codespell in docs (#28890) 
Run `chmod -x` on files that need not be executable.

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 12:41:16 +00:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… (#28595) 
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 08:18:41 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
AndyMunro
d61b1ddb09 Edit use of Keycloak in Server Admin Guide 
Closes #27955

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-03-18 09:51:55 +01:00