upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-04-15 22:09:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 21
30693 commits 34 branches 304 tags 876 MiB
Commit graph

22 commits

Author SHA1 Message Date
Oluwatobi Mustapha
24a819eabc
Fix FGAP deny evaluation for manage-group-membership 
Add the missing Users FGAP scope alias from manage-group-membership to Groups manage-membership so deny permissions on group members apply during user membership updates.

Add a regression test covering a protected group member, an unrelated user, and the no-mutation postcondition after a forbidden request.

Closes keycloak#46693
 2026-03-09 12:01:17 -03:00
Pedro Igor
13cf35ded3
Only realm admins can manage workflows
Some checks failed
Weblate Sync / Trigger Weblate to pull the latest changes (push) Has been cancelled
Details 
Closes #45875

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-30 21:18:06 +01:00
Alexander Schwartz
dd0214bc78
Do not use whitelist/blacklist in the UI 
Closes #45539

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 11:12:23 +01:00
Pedro Igor
ab351170b4
Support aggregated policies during partial evaluation 
Closes #45324

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:20:52 +01:00
Pedro Igor
c33d94da65 Allow admins with any admin role to map roles if the constraints apply 
Closes #44371
Closes #45182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-12 12:56:30 -03:00
Stan Silvert
eb77c055f5 Clarify documentation. 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:36:10 -03:00
vramik
5dbc91e028 Deprecate Fine-Grained Admin Permissions v1 
Closes #44121

Signed-off-by: vramik <vramik@redhat.com>
 2025-12-08 10:26:27 -03:00
Pedro Igor
2b785425fa Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 08:02:05 -03:00
Alexander Schwartz
7b8626ead5
Make intra-document links work in downstream 
Closes #43544

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-17 10:52:58 +02:00
vramik
23043b40b4 Fix reset-password scope documentation and upgrading guide 
Closes #42790

Signed-off-by: vramik <vramik@redhat.com>
 2025-09-23 07:31:35 -03:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
Alexander Schwartz
c2515bbb88
Fixing typo and formatting 
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-08-11 08:26:10 +02:00
Pedro Igor
288b6dae12
More information to docs 
Closes #38798

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-10 20:03:05 +02:00
Pedro Igor
ae88d7921f
Improvements to partial evaluation 
Closes #38732

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-09 18:15:28 +02:00
Pedro Igor
87430fc181
Add impersonate-members scope to group resource type 
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-04-07 14:56:27 +00:00
vramik
6488890585 [FGAP:V2] remove configure scope from Client resource type 
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-07 07:05:02 -03:00
Vlasta Ramik
18c8308bb4
[FGAP] Remove redundant sentense from fine grained admin permissions docs 
Closes #38677

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-04 09:41:17 +02:00
vramik
f076b99407 FGAP documentation 
Closes #37245

Signed-off-by: vramik <vramik@redhat.com>
 2025-04-03 09:44:32 -03:00
Stefan Guilhen
d87f67b4e6
Fix duplicated screenshots in the Fine grain admin permissions section of the Server Admin Guide 
Closes #31083

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-09-27 09:04:01 +02:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs (#27418) 
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-06 12:32:06 +01:00
Pedro Igor
750bc2c09c Reviewing references to user attribute management and UIs 
Closes #26155

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-12 16:01:34 +01:00
Alexander Schwartz
4dcb819c06 Moving docs to new folder 
CIAM-5056
 2023-03-20 09:07:58 +01:00