upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-04-25 16:18:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
28100 commits 31 branches 304 tags 892 MiB
Commit graph

60 commits

Author SHA1 Message Date
mposolda
e9283ee71d Documentation for recovery codes (deprecation of password policy and required action config) 
closes #39245

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-04-29 09:29:38 +02:00
Alexander Schwartz
e7474646ee
Explicit target for cross-reference 2FA in server admin guide (#38573) 
Closes #38572

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-04-01 13:29:30 +02:00
Ricardo Martin
a7e63837db
Recovery codes documentation (#38407) 
Closes #30702

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2025-03-27 09:59:14 +01:00
andymunro
1f6f1571fd
update screens for new realm selector 
Closes #37083

Signed-off-by: AndyMunro <amunro@redhat.com>
 2025-03-15 10:54:00 +01:00
Giuseppe Graziano
bd807ceac3
Select auth flow via acr using client policies (#36441) 
Closes #24297


Co-authored-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-01-23 19:46:07 +01:00
rmartinc
f89be1813d Check next update time for CRL in certificate validation 
Closes #35983

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-01-22 14:58:35 +01:00
rmartinc
17d2dd58ca Add some common headers for the links check in docs 
Closes #36675

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-01-22 12:21:29 +01:00
Stian Thorgersen
bc2665fc2a
Re-order items in release notes for 26.1 (#36346) 
* Re-order items in release notes for 26.1

Signed-off-by: stianst <stianst@gmail.com>

* Review (#161)

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-01-14 09:21:04 +00:00
Marek Posolda
4ab34f4816
Updating release notes with core-clients contributions and features (#36066) 
closes #35953

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 10:15:55 +01:00
Marek Posolda
a3fd076960
Adding ConditionalClientScopeAuthenticator (#36020) 
closes #36081 

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2024-12-20 09:53:51 +01:00
Thomas Darimont
3cdbbc5b15
Add support for Initiating User Registration via prompt=create (#10701) (#35903) 
Fixes #10701

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2024-12-16 19:54:52 +01:00
Ricardo Martin
bbca6116b0
Implement a conditional authenticator to check if a sub-flow was executed or not previously in the process (#35668) 
Closes #35231

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-12-12 11:16:30 +01:00
Alexander Schwartz
b98cd12b58 Changing mis-formatted definition list of hashing algorithms to a table 
Closes #35416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-12-02 15:05:05 -03:00
Cornelius Roemer
29abfd3e89 Fix typos in *.md and *.adoc files using codespell interactive mode 
Closes #35256

This PR fixes a bunch of typos in docs files.

I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.

The most widely read file with typos identified is likely the changelog/migration guide.

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
 2024-11-25 08:21:26 +01:00
AndyMunro
e2d221c4bd Address QE comments on Server Admin Guide 
Closes #34916

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-11-22 10:20:18 +01:00
Ricardo Martin
ca1c10f7ba
Use short UUID for ldap components (#34815) 
Closes #32143

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-11-15 15:15:04 +01:00
Alexander Schwartz
d4991ce56f Fix server guide cross-references for downstream docs 
Closes #31947

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-08-13 14:51:01 -03:00
rmartinc
942d5d0aa3 Convert chapter planning for securing applications and services to guides 
Final removal of the securing_apps documentation
Final checks for links, order and other minor things
Closes #31328

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2024-08-01 16:45:56 +02:00
Giuseppe Graziano
c3019fb2d3
Move oidc documentation to guides (#31627) 
Closes #31329

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2024-07-30 09:46:14 +02:00
Pedro Igor
f4b1a5ca88 Updating docs 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-07-24 15:12:16 -03:00
Maciej Mierzwa
97e89e2071 feature: password age in days policy 
Closes #30210

Signed-off-by: Maciej Mierzwa <dev.maciej.mierzwa@gmail.com>
 2024-07-24 15:12:16 -03:00
Douglas Palmer
54f4ab50f0 Broken external links 
Closes #30717

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
 2024-06-25 09:55:50 +02:00
CARBONNEAUX Mathieu
acf79b81c7
add RS256 algorithm to webauthn default policy (#30528) 
closes #28020 

Signed-off-by: Mathieu CARBONNEAUX <mathieu.carbonneaux@ch2o.info>
 2024-06-19 10:16:46 +02:00
Marek Posolda
79c8c80058
Example for X.509 direct grant flow authentication (#30203) 
closes #29639

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-06-06 11:58:09 +02:00
Marek Posolda
336b2c875f
Update release notes for Keycloak 25 (#29894) 
closes #29576

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-29 14:19:17 +02:00
Marek Posolda
6dc28bc7b5
Clarify the documentation about step-up authentication (#29735) 
closes #28341

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-05-21 19:46:27 +02:00
mposolda
bbd4b60163 Update documentation after adapters removal 
closes #28792

Signed-off-by: mposolda <mposolda@gmail.com>
 2024-05-21 09:34:48 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305) 
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
 2024-05-16 07:58:43 +02:00
Dimitri Papadopoulos Orfanos
9db1443367
Fix typos found by codespell in docs (#28890) 
Run `chmod -x` on files that need not be executable.

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2024-05-03 12:41:16 +00:00
Alexander Schwartz
5b4a69a6e9 Limit the concurrency of password hashing to the number of CPU cores available 
Closes #28477

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-04-15 15:05:09 +02:00
Christopher Miles
1646315939 Deny list lower cases all passwords when loading from file 
Closes #28381

We always lower case the inbound password before comparing against the deny list
yet the deny list may contain passwords that contain upper case letters. With
this change we will now convert passwords from the deny list into lower case
while loading, ensuring that more passwords match the deny list.

Signed-off-by: Christopher Miles <twitch@nervestaple.com>
 2024-04-15 08:49:37 +02:00
Marek Posolda
13daaa55ba
Documentation for changes related to 'You are already logged in' scen… (#28595) 
closes #27879

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-04-11 08:18:41 +02:00
Stian Thorgersen
c3a98ae387
Use Argon2 as default password hashing algorithm (#28162) 
Closes #28161

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 13:04:14 +00:00
Stian Thorgersen
cae92cbe8c
Argon2 password hashing provider (#28031) 
Closes #28030

Signed-off-by: stianst <stianst@gmail.com>
 2024-03-22 07:08:09 +01:00
AndyMunro
d61b1ddb09 Edit use of Keycloak in Server Admin Guide 
Closes #27955

Signed-off-by: AndyMunro <amunro@redhat.com>
 2024-03-18 09:51:55 +01:00
Stian Thorgersen
81f3f211f3
Delete all deprecated and unmaintained examples (#27855) 
Signed-off-by: stianst <stianst@gmail.com>
 2024-03-15 07:24:20 +01:00
Alexander Schwartz
4b697009d3
Clean up feature IDs in the docs (#27418) 
Closes #27416

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-03-06 12:32:06 +01:00
Takashi Norimatsu
3db04d8d8d Replace Security Key with Passkey in WebAuthn UIs and their documents 
closes #27147

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-29 10:31:05 +01:00
Alexander Schwartz
6de61f61f0 Adding missing explicit IDs for cross-references 
Closes #27316

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2024-02-28 08:37:52 +01:00
Takashi Norimatsu
849a920955 Rename Resident key to Discoverable Credential 
closes #9508

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2024-02-19 14:12:15 +01:00
Marek Posolda
e2fb8406a3
Fixing the docs about default hashing iterations (#27020) 
closes #26816

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-15 08:11:44 +01:00
Pedro Igor
750bc2c09c Reviewing references to user attribute management and UIs 
Closes #26155

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2024-02-12 16:01:34 +01:00
mposolda
7af753e166 Documentation for AIA 
closes #25569

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
 2024-02-12 09:42:34 +01:00
christian-2
e14b523a8d
Fixes typo in Server Administration guide (#26543) 
Signed-off-by: Christian Hörtnagl <christian2@univie.ac.at>
 2024-02-01 19:36:32 +01:00
Ben Cresitello-Dittmar
057d8a00ac Implement Authentication Method Reference (AMR) claim from OIDC specification 
This implements a method for configuring authenticator reference values for Keycloak authenticator executions and a protocol mapper for populating the AMR claim in the resulting OIDC tokens.

This implementation adds a default configuration item to each authenticator execution, allowing administrators to configure an authenticator reference value. Upon successful completion of an authenticator during an authentication flow, Keycloak tracks the execution ID in a user session note.

The protocol mapper pulls the list of completed authenticators from the user session notes and loads the associated configurations for each authenticator execution. It then captures the list of authenticator references from these configs and sets it in the AMR claim of the resulting tokens.

Closes #19190

Signed-off-by: Ben Cresitello-Dittmar <bcresitellodittmar@mitre.org>
 2024-01-03 14:59:05 -03:00
Thomas Darimont
d30d692335 Introduce MaxAuthAge Password policy (#12943) 
This policy allows to specify the maximum age of an authentication
with which a password may be changed without re-authentication.

Defaults to 300 seconds (default taken from Constants.KC_ACTION_MAX_AGE) to remain backwards compatible.
A value of 0 will always require reauthentication to update the password.
Add documentation for MaxAuthAgePasswordPolicy to server_admin

Fixes #12943

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
 2023-11-20 14:48:17 +01:00
AndyMunro
20f5edc708 Addressing Server Admin review comments 
Closes #24643

Signed-off-by: AndyMunro <amunro@redhat.com>
 2023-11-13 15:48:02 +01:00
Takashi Norimatsu
1c8cddf145 passkeys: documentation 
closes #23660
 2023-10-24 14:48:13 +02:00
mposolda
57e51e9dd4 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation 
closes #20045
 2023-08-30 13:24:48 +02:00
Alexander Schwartz
08dfdffbfb
Fixed updated links for freeipa (#22040) 
Closes #22039
 2023-07-28 07:31:03 +02:00