Commit graph

65 commits

Author SHA1 Message Date
Giuseppe Graziano
ebfc294c85
Executor for client uris pattern validation (#46300)
Closes #45645

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-02-24 16:26:00 +01:00
Ricardo Martin
2bd386842a
Step up authentication for saml - preview (#44185)
Closes #10155


Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-23 19:57:00 +01:00
rmartinc
c63f54ba3a Client policy executor to allow extra audiences for JWT authorization grant
Closes #45180

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-03 13:39:31 +01:00
Tero Saarni
cb4c533464
Add support for looking up client secrets via Vault SPI (#39650)
Fixes #13102


Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2026-01-28 16:45:30 +01:00
Giuseppe Graziano
23aad2a942
DPoP Guide (#45274)
Closes #42747

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-13 11:01:28 +01:00
mposolda
1273c8db0e DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post
closes #44403

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-12 09:54:04 +01:00
rmartinc
c9686cc040 Documentation for JWT Authorization Grant
Closes #44136

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-12-09 12:13:21 +01:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
2025-11-28 14:24:32 +01:00
Ricardo Martin
de49500393
Client policy to enforce only downscoping in Token Exchange (#44030)
Closes #43931

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-12 08:48:42 +01:00
mposolda
c2e49c8c59 'Service accounts roles' should be 'Service account roles'
closes #43087

Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-10 11:25:37 +02:00
mposolda
389314a65e Typo in the latest documentation
closes #42918

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-24 17:23:52 +02:00
Marek Posolda
e09ce9e18d
Documentation update for DPoP (#42865)
closes #42728


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2025-09-24 10:00:23 +02:00
rmartinc
2015e08e38 Move DPoP option to the capability section in the admin UI
Closes #42746

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-22 17:27:48 +02:00
stianst
fb83a8ba09 Documentation for federated client authentication
Closes #42721

Signed-off-by: stianst <stianst@gmail.com>
2025-09-19 11:54:03 +01:00
Marek Posolda
d9d19791a4
Clarifying OIDC logout documentation. Removing obsolete unused docs p… (#42636)
closes #41792


Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2025-09-16 17:37:42 +02:00
Ricardo Martin
a2acdda535
Automatic download and cache of the SAML client public keys (#41947)
Closes #17028

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-16 13:07:33 +02:00
rmartinc
e0bba39da0 Allow configure encryption details for SAML clients
Closes #40933

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-07-18 20:13:40 +02:00
mposolda
b03b9f9e3a Improve documentation of service-accounts and make it more clear. Delete the unused file service-accounts.adoc
closes #39748

Signed-off-by: mposolda <mposolda@gmail.com>
2025-06-05 08:45:12 +02:00
vramik
f076b99407 FGAP documentation
Closes #37245

Signed-off-by: vramik <vramik@redhat.com>
2025-04-03 09:44:32 -03:00
Marek Posolda
6654e56a7c
Polish documentation for audience and client scopes (#38484)
closes #19127

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2025-04-03 08:43:06 +02:00
rmartinc
a10c8119d4 Define a max expiration window for Signed JWT client authentication
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 18:32:54 +02:00
Takashi Norimatsu
eb2153379a
DPoP: Refresh token created with DPoP can be refreshed without proof
closes #36475

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2025-03-17 12:53:19 +01:00
Marek Posolda
290905c9cf
Documentation for supported token-exchange (#38008)
closes #37126

Signed-off-by: Marek Posolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2025-03-14 09:55:44 +01:00
Giuseppe Graziano
690b5ecb25
Grant Type condition for client policies (#37665)
Closes #37124

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-02-27 11:51:06 +01:00
Giuseppe Graziano
bd807ceac3
Select auth flow via acr using client policies (#36441)
Closes #24297


Co-authored-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-01-23 19:46:07 +01:00
Jan Verhaeghe
56246096e0
Align on one realm-name placeholder
Closes #36047

Signed-off-by: Jan Verhaeghe <jan@hwfaq.be>
2024-12-19 13:48:18 +00:00
AndyMunro
e2d221c4bd Address QE comments on Server Admin Guide
Closes #34916

Signed-off-by: AndyMunro <amunro@redhat.com>
2024-11-22 10:20:18 +01:00
Simon Levermann
dcf1d83199
Enable enforcement of a minimum ACR at the client level (#16884) (#33205)
closes #16884 

Signed-off-by: Simon Levermann <github@simon.slevermann.de>
2024-10-21 13:54:02 +02:00
mposolda
dbcb3151a9 Align admin console for client for backchannel and frontchannel logout
closes #10138

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Erik Jan de Wit <edewit@redhat.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2024-10-21 11:32:03 +02:00
Yoshiyuki Tabata
cb6eb187ac Client Policy - Condition : Client - Client Attribute
Closes https://github.com/keycloak/keycloak/issues/31766

Signed-off-by: Yoshiyuki Tabata <yoshiyuki.tabata.jy@hitachi.com>
2024-08-14 09:56:56 +02:00
rmartinc
942d5d0aa3 Convert chapter planning for securing applications and services to guides
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-08-01 16:45:56 +02:00
rmartinc
b07b120f2a Convert chapter client registration CLI from securing apps into guides
Closes #31333

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-30 18:30:46 +02:00
Giuseppe Graziano
c3019fb2d3
Move oidc documentation to guides (#31627)
Closes #31329

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-07-30 09:46:14 +02:00
rmartinc
9f2eddead8 Re-add notes about not supporting DPoP and holder-of-key in the remaining adapters
Closes #30874

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-24 11:55:47 +02:00
rmartinc
e80c3fee9b Change link to https://github.com/eclipse/microprofile/wiki/JWT_Auth
Closes #31219

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-11 18:03:57 +02:00
Marek Posolda
193439788e
Release notes for support application/jwt response in token introspec… (#30105)
closes #30104

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-06-04 06:49:13 +02:00
Marek Posolda
336b2c875f
Update release notes for Keycloak 25 (#29894)
closes #29576

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-05-29 14:19:17 +02:00
mposolda
bbd4b60163 Update documentation after adapters removal
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
2024-05-21 09:34:48 +02:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
Marek Posolda
e6747bfd23
Adjust priority of SubMapper (#28663)
closes #28661


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-04-12 14:13:03 +02:00
Giuseppe Graziano
c76cbc94d8 Add sub via protocol mapper to access token
Closes #21185

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-10 10:40:42 +02:00
Giuseppe Graziano
b4f791b632 Remove session_state from tokens
Closes #27624

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-08 08:12:51 +02:00
Giuseppe Graziano
fe06df67c2 New default client scope for 'basic' claims with 'auth_time' protocol mapper
Closes #27623

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-04-02 08:44:28 +02:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs (#27418)
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-06 12:32:06 +01:00
Marek Posolda
8dd0eb451d
Additional release notes for Keycloak 24 (#27339)
closes #27142

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-29 08:43:22 +01:00
Takashi Norimatsu
1e12b15890 Supporting OAuth 2.1 for public clients
closes #25316

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 10:57:29 +01:00
Takashi Norimatsu
9ea679ff35 Supporting OAuth 2.1 for confidential clients
closes #25314

Co-authored-by: shigeyuki kabano <shigeyuki.kabano.sj@hitachi.com>
Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-22 08:34:21 +01:00
Takashi Norimatsu
1bdbaa2ca5 Client policies: executor for validate and match a redirect URI
closes #25637

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2024-02-20 08:37:33 +01:00
Joshua Sorah
018914d7fd Change Open ID Connect to OpenID Connect in UI and docs
Closes #27093

Signed-off-by: Joshua Sorah <jsorah@redhat.com>
2024-02-19 17:01:57 +01:00
mposolda
56a605fae7 Documentation for SuppressRefreshTokenRotationExecutor
closes #26587

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-02-01 17:18:50 +01:00