Identity management and SSO
Alexander Schwartz 17f0f969b7
Disable Secure Client-Initiated Renegotiation by default
The parameter -Djdk.tls.rejectClientInitiatedRenegotiation=true disables Secure Client-Initiated Renegotiation in Keycloak to resolve a potential DoS vulnerability. Note this is applicable only to TLS 1.2.

Closes #43020

Signed-off-by: Erasure5959 <154384607+Erasure5959@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Erasure5959 <154384607+erasure5959@users.noreply.github.com>
2025-10-02 14:47:26 -03:00
.github Remove /etc/system-fips file before executing fips-mode-setup 2025-07-10 18:23:52 +02:00
.idea Add Intellij project icon 2023-09-18 12:39:16 +02:00
.mvn Upgrade Maven and wrapper to latest version 2024-06-19 10:42:33 +02:00
adapters Restrict access to environment variables when at the server runtime 2024-12-16 10:12:52 -03:00
authz Apply a heuristic to look up by the role by ID or name 2025-02-06 08:41:29 -03:00
boms Added support for Nexus 3 repositories 2025-04-30 12:09:25 +00:00
common Fix content-type for content.json 2025-01-14 10:14:06 +01:00
core Restrict access to environment variables when at the server runtime 2024-12-16 10:12:52 -03:00
crypto Add AuthzClientCryptoProvider to authz-client in keycloak main repository 2024-10-16 18:16:19 +02:00
dependencies Remove keycloak-js-adapter-jar artifact (#33196) 2024-09-23 15:46:56 +00:00
distribution Adding SAML adapter zip distribution back to the sources 2025-01-21 11:16:19 +01:00
docs ExternalLinks are broken in documentation 2025-09-11 15:19:30 +02:00
federation Ensure LDAPStorageMapper.getGroupMembers is taking the fetch strategy in consideration when retrieving the members 2025-02-03 19:11:17 -03:00
integration Backport to expose membership type 2024-11-27 11:15:25 -03:00
js use user and client from form when on the events section (#35098) (#40389) 2025-07-23 14:06:08 -04:00
misc Remove keycloak-test-helper module 2024-09-12 09:13:26 +02:00
model Avoid invalidating the realm when managing client initial access 2025-09-26 12:54:55 +02:00
operator fix: switching to the registry addon for olm testing 2025-06-28 10:16:32 +02:00
quarkus Disable Secure Client-Initiated Renegotiation by default 2025-10-02 14:47:26 -03:00
rest Update UP via provider instead of going through the UserProfileResource 2025-01-13 14:41:53 -03:00
saml-core added DCL pattern implementation for TransformerUtil 2025-06-06 10:06:29 -03:00
saml-core-api Use a default Java version from root POM (#29927) 2024-06-21 14:19:31 +02:00
server-spi Return user session started time when client note is missing for offline 2025-05-07 11:14:50 +02:00
server-spi-private Disable email verification when email manually changed by idp review 2025-06-27 16:26:01 +02:00
services Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie 2025-09-09 17:09:40 +02:00
test-framework Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie 2025-09-09 17:09:40 +02:00
test-poc Move Test Framework (#32407) 2024-08-28 14:14:08 +02:00
testsuite Handle already existing user session in the store 2025-09-11 17:10:06 +02:00
themes Avoid double submit on opt login form 2025-09-19 11:24:38 -03:00
util Artifact SLF4J LOG4J-12 has been relocated (#20113) 2023-05-05 13:57:45 +02:00
.editorconfig Don't apply editorconfig auto-formatting to properties file for now 2024-05-29 19:00:06 +02:00
.gitattributes Use lf as line-ending for sh files 2022-07-19 08:57:57 +02:00
.gitignore Remove keycloak-admin-client-jee 2024-08-20 10:53:09 +02:00
.gitleaks.toml Updated .gitleaks.toml to ignore false positive in RedirectUtilsTest (#33346) 2024-09-27 14:32:36 +02:00
ADOPTERS.md add Bundesagentur für Arbeit to ADOPTERS.md (#26784) 2024-02-05 14:32:49 +01:00
CONTRIBUTING.md link translation docs to contribution document (#30477) 2024-06-17 10:30:34 +02:00
eslint.config.js Update ESLint dependencies to latest version (#31831) 2024-08-06 08:02:18 -04:00
get-version.sh Use Maven wrapper instead of platform dependent Maven version (#29988) 2024-06-03 15:45:39 +02:00
GOVERNANCE.md Update governance model around changes in maintainership (#29292) 2024-05-22 08:24:10 +02:00
LICENSE.txt Added text version of ASL2 license 2019-11-08 12:43:10 +01:00
MAINTAINERS.md Update maintainers (#31798) 2024-08-12 11:54:53 +02:00
maven-settings.xml [KEYCLOAK-11764] Upgrade to Wildfly 19 2020-04-24 08:19:43 -03:00
mvnw Upgrade Maven and wrapper to latest version 2024-06-19 10:42:33 +02:00
mvnw.cmd Upgrade Maven and wrapper to latest version 2024-06-19 10:42:33 +02:00
package.json Bump eslint-plugin-react from 7.36.1 to 7.37.1 (#33455) 2024-10-02 10:00:45 +02:00
pnpm-lock.yaml Use crypto.randomUUID() to generate UUIDs for Keycloak JS (#33518) 2024-10-03 12:07:57 -03:00
pnpm-workspace.yaml Move unrelated files out of common resources (#32285) 2024-08-22 09:57:15 +02:00
pom.xml Upgrade to Quarkus 3.15.6.2 2025-08-29 21:07:16 +02:00
PR-CHECKLIST.md Introduce CODEOWNERS (#16637) 2023-01-30 13:05:45 +01:00
README.md Add some badges to README.md (#27921) 2024-03-15 11:25:21 +01:00
SECURITY-INSIGHTS.yml Provide an OpenSSF security insights manifest file 2024-02-15 11:02:33 -03:00
set-version.sh Update set-version to update version in package.json for admin-ui (#32068) 2024-08-12 15:31:25 +02:00
tsconfig.eslint.json changed name and added version number (#28157) 2024-04-19 14:10:34 -04:00
tsconfig.json Remove the UMD distribution of Keycloak JS (#33080) 2024-09-30 14:05:18 +02:00

Keycloak

Open Source Identity and Access Management

Add authentication to applications and secure services with minimum effort. No need to deal with storing users or authenticating users.

Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

Help and Documentation

Reporting Security Vulnerabilities

If you have found a security vulnerability, please look at the instructions on how to properly report it.

Reporting an issue

If you believe you have discovered a defect in Keycloak, please open an issue. Please remember to provide a good summary, description as well as steps to reproduce the issue.

Getting started

To run Keycloak, download the distribution from our website. Unzip and run:

bin/kc.[sh|bat] start-dev

Alternatively, you can use the Docker image by running:

docker run quay.io/keycloak/keycloak start-dev

For more details refer to the Keycloak Documentation.

Building from Source

To build from source, refer to the building and working with the code base guide.

Testing

To run tests, refer to the running tests guide.

Writing Tests

To write tests, refer to the writing tests guide.

Contributing

Before contributing to Keycloak, please read our contributing guidelines. Participation in the Keycloak project is governed by the CNCF Code of Conduct.

Other Keycloak Projects

License