upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-02-03 20:39:33 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
29040 commits 23 branches 291 tags 855 MiB
Commit graph

1334 commits

Author SHA1 Message Date
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
Ryan Emerson
4fec0a8630
Document that single-cluster deployments expect all Keycloak instances to serve traffic 
Closes #42305

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-03 18:30:13 +02:00
Alexander Schwartz
665f4140da
Adding missing docs for 26.4 release notes 
Closes #42252

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Vinod Anandan <vinod@owasp.org>
 2025-09-02 17:47:12 -03:00
vramik
4aa604ad04 Updated the screenshot to correctly show "Apply to Resource Type" enabled, 
which is required for typed resource permissions.

Closes #42159

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-02 12:27:36 -03:00
Pedro Ruivo
935caa97ea
Disable peristent user session batching 
Closes #41662

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-09-01 14:33:21 +00:00
Tobias Genannt
ca93863d60
fix: Update to new dash standard 
Closes #42270

Signed-off-by: Tobias Genannt <tobias.genannt@gmail.com>
 2025-09-01 12:49:02 +00:00
Pedro Ruivo
f4ec4cff1a
Configure topology information in Infinispan 
Closes #41933

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-01 14:40:39 +02:00
am97
0c91d106a2
Add build documentation for REST API and Javadoc 
Closes #42176

Signed-off-by: Andrés Maldonado <maldonado@codelutin.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-09-01 11:37:26 +00:00
Alexander Schwartz
1eba022149
Document network latency requirements for high available setups 
Closes #42186

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-28 23:46:20 +02:00
Steven Hawkins
e891336167
fix: expands our warnings/notes around placeholder usage (#42151) 
addresses CVE-2025-9162

closes: #42046

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 17:06:55 +02:00
Steven Hawkins
183a96d6a1
enhance: adding the ability to set truststores via configmaps (#41796) 
closes: #34114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 16:55:52 +02:00
Steven Hawkins
565e195f48
enhance: allow for control over what port health checks are exposed on (#41759) 
closes: #39506

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-28 10:18:22 +02:00
Alexis Rico
224ccbb79d Make organization domains optional 
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
 2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62
Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
laureat-natzka
edbe28147e
Pass IDP config values to themes (#40373) 
Signed-off-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
Co-authored-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
 2025-08-25 17:50:06 +00:00
Sebastian Łaskawiec
4c0f071d45
Upgrade Prep doc polishing 
Closes #41898

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-21 13:19:59 +02:00
Martin Bartoš
6149d66405
Update screenshot for traces in Jaeger (#42036) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-21 13:17:20 +02:00
Pedro Ruivo
2f131fa56c
Detect and handle KC split brain clusters 
Closes #41561

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-21 11:18:34 +02:00
Ricardo Martin
46e990b7a7
Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Ryan Emerson
481555c97e
Define default topologySpreadConstraints 
Closes #41729

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-20 13:58:37 +02:00
Ryan Emerson
cd42a503d2
Update observability metrics guides to reference single and multi-cluster architectures 
Closes #41938

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-20 13:31:52 +02:00
Steven Hawkins
b6f039a4cc
fix: adding a default for ldap connection timeout (#41726) 
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-19 16:43:42 +00:00
Ryan Emerson
b0f4b4efee
Log applied cache configurations as part of debug logs 
Closes #41950

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-19 17:01:19 +02:00
Sebastian Łaskawiec
988bf9cb0b
WelcomeResource do not create temporary admins (#41416) 
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
 2025-08-18 17:31:26 +02:00
Steven Hawkins
85324fddeb
fix: add a warning about provider jars (#41855) 
* fix: add a warning about provider jars

closes: #41820

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/server/configuration-provider.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-08-18 08:54:53 +02:00
Ryan Emerson
168d9cc090
Simplify Cache Configuration file by removing built-in cache configurations 
Closes #41559

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 16:16:56 +00:00
Ricardo Martin
949ef35a3b
Allow and control sending UTF-8 emails in the default email sender impl 
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 10:43:38 +00:00
Moshie Samuel
6958f57f0a
add configurable cooldown for email resend in VerifyEmail 
Closes #41331

Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com>
Signed-off-by: moshiem <moshiem@hardcorebiometric.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: moshiem <moshiem@hardcorebiometric.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:31:00 +02:00
Alexander Schwartz
7629b7dc53
Show required fields when configuring protocol mappers 
Closes #40619

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-15 07:28:45 +02:00
Steven Hawkins
c1afa376b2
fix: adding raw environment variables (#41768) 
closes: #41766

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-08-14 20:17:15 +02:00
RAMLAH MUNIR
e5c38f8a63
Fix typo in caching docs: 'Proving' → 'Providing' 
Closes #41663

Signed-off-by: Ramlah7 <ramlahmunir786@gmail.com>
 2025-08-14 16:16:18 +00:00
Pedro Igor
3bf46e5421
"linked-accounts" endpoint displays all Identity providers 
Closes #19732

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>
 2025-08-14 15:21:03 +02:00
Dmytro Filipenko
bd5818c4c8
Add HTML5 attributes to prevent password manager interference with OTP 
* Closes #41831

Signed-off-by: dmfilipenko <wind.fd@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 07:45:53 +00:00
Dennis Kniep
d74a10d87a
Add TiDB as supported db 
Closes #41455

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 07:27:21 +00:00
dependabot[bot]
1a262cc899
Bump commons-io:commons-io from 2.7 to 2.14.0 in /docs/documentation/tests (#41463) 
Bumps commons-io:commons-io from 2.7 to 2.14.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-version: 2.14.0
  dependency-type: direct:development
...

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-14 06:08:39 +00:00
Ricardo Martin
ef312b570c
Final changes for passkeys documentation (#41646) 
Closes #41557

Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2025-08-13 09:01:15 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822) 
Signed-off-by: Peter Skopek <pskopek@redhat.com>
 2025-08-12 16:50:17 +02:00
Alexander Schwartz
c2515bbb88
Fixing typo and formatting 
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-08-11 08:26:10 +02:00
Robin Meese
134b00abb1
Add Russian and traditional Chinese to translation.md 
Closes: #41742

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-08-08 17:46:34 +02:00
Ryan Emerson
a2fe32617c
Default to stretched clusters on Kubernetes when possible 
Closes #41666

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-08 08:09:04 +02:00
Ryan Emerson
907ee2e4e2
High-availability guide restructuring 
* Refactor high-availability guide to include both single and multi cluster architectures

Closes #30095
Closes #41585

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-08-06 18:38:37 +00:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session 
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-06 14:57:47 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute 
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
 2025-08-06 13:59:54 -03:00
Pedro Ruivo
75afda4104 Ensure cache configuration has correct number of owners 
Closes #41558

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-08-05 15:19:03 +01:00
Ryan Emerson
50181816b6
Utilise table to display Features 
Closes #41328

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2025-08-04 20:14:20 +02:00
Martin Bartoš
0c213c2f3d
Fix formatting issue for Operator Realm Import docs (#41644) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-04 13:55:42 -04:00
Steven Hawkins
f5f93ef6e1
fix: adding the ability to set the ingress tlsSecret (#41426) 
* fix: adding the ability to set the ingress tlsSecret

closes: #34777

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-04 09:28:46 -03:00
mposolda
3cc8808465 Wrap deprecated passkeys authenticator behind the feature 
closes #40696

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-08-01 16:48:57 +02:00
Ricardo Martin
f45280a65d
Add a securing-apps guide with the specifications implemented by keycloak 
Closes #41176

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-01 09:28:37 +00:00
Takashi Norimatsu
cb4e06b6f8 FAPI 2.0 Security Profile Final - Documentation 
closes #41121

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-08-01 09:24:30 +02:00