Martin Bartoš
548a89c823
[OTel] Micrometer to OpenTelemetry bridge support for metrics ( #41716 )
...
* [OTel] Micrometer to OpenTelemetry bridge support for metrics
Closes #41006
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Review: Docs rewording
Signed-off-by: Ryan Emerson <remerson@ibm.com >
* Review: Make TELEMETRY Option descriptions consistently use OpenTelemetry to reflect pattern established by telemetry-enabled, telemetry-endpoint etc
Signed-off-by: Ryan Emerson <remerson@ibm.com >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Co-authored-by: Ryan Emerson <remerson@ibm.com >
2025-12-17 17:03:56 +01:00
Sebastian Łaskawiec
9597537bf3
Additional fields for the Welcome Resource ( #44758 )
...
* Additional fields added to the Welcome Page
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com >
* Updated the order of fields
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com >
---------
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com >
2025-12-17 13:11:44 +01:00
Martin Kanis
012cefb654
The existence of an organization attribute called id is not validated
...
Closes #44522
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2025-12-17 08:05:32 -03:00
Steven Hawkins
148d14816c
fix: allowing settable connection request timeout ( #44592 )
...
also defaulting to 5000
closes : #44500
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2025-12-16 16:35:01 +00:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential ( #44765 )
...
Closes #44621
Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com >
Signed-off-by: mposolda <mposolda@gmail.com >
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com >
Co-authored-by: Marek Posolda <mposolda@gmail.com >
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com >
2025-12-16 14:46:17 +01:00
Martin Bartoš
29fdcedbc8
[OTel] Introduce preview support for OpenTelemetry Logs ( #41265 )
...
Closes #41264
Co-authored-by: Ryan Emerson <remerson@redhat.com
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-12-15 10:50:30 +01:00
Václav Muzikář
da6c4df5ec
Support EDB 18 ( #44856 )
...
* Support EDB 18
Closes #44494
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
* Update test-framework/db-edb/container/README.md
Co-authored-by: Steven Hawkins <shawkins@redhat.com >
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz >
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz >
Co-authored-by: Steven Hawkins <shawkins@redhat.com >
2025-12-15 07:36:26 +01:00
Ruchika Jha
26fe8dc7d8
Added validation for client session timeout post comparing the realm session timeouts
...
Closes #41019
Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-12-11 13:58:04 +01:00
Giuseppe Graziano
c0c4067bdd
JWT Authorization Grant feature to preview
...
Closes #44492
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2025-12-11 10:37:30 +01:00
Martin Bartoš
8def691053
[OTel] Provide general options for telemetry settings ( #41705 )
...
* [OTel] Provide general options for telemetry settings
Closes #41263
Co-authored-by: Ryan Emerson <remerson@redhat.com >
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Update docs/guides/observability/telemetry.adoc
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Provide release notes and deprecation note
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Ignore link to the telemetry guide for now
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Ryan Emerson <remerson@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
2025-12-10 12:03:46 +00:00
Christian Glasmachers
921b10ee80
Login failure cache: Evict entries after the configured failure reset time
...
Closes #44801
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com >
2025-12-10 11:20:19 +01:00
rmartinc
c9686cc040
Documentation for JWT Authorization Grant
...
Closes #44136
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-12-09 12:13:21 +01:00
vramik
5dbc91e028
Deprecate Fine-Grained Admin Permissions v1
...
Closes #44121
Signed-off-by: vramik <vramik@redhat.com >
2025-12-08 10:26:27 -03:00
Alexander Schwartz
2f81a2fb76
Updating and ordering the release notes
...
Closes #44706
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-12-08 10:55:33 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint ( #44471 )
...
fixes #43801
Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de >
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de >
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de >
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com >
2025-12-05 16:00:32 +01:00
Sebastian Schuster
b5178a2bec
Added section on recommended isolation level to db guides
...
Closes #44611
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-12-05 14:48:31 +01:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes ( #44439 )
...
closes #44659
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com >
2025-12-04 09:03:38 +01:00
Sebastian Łaskawiec
aa789dd023
Logout confirmation
...
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com >
2025-11-28 14:24:32 +01:00
Pedro Ruivo
3ed15e740a
Add new option to schedule user session expiration
...
Closes #44068
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Signed-off-by: Ryan Emerson <remerson@ibm.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Ryan Emerson <remerson@ibm.com >
2025-11-27 23:01:32 +01:00
Alexis Rico
b0b38176f0
Manage Organization Invites
...
Closes #38809
Signed-off-by: Alexis Rico <sferadev@gmail.com >
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-11-27 10:28:52 +01:00
Alexander Schwartz
2210b1ed50
Avoid un-escaped strings in the login templates for HTML entities
...
Closes #44296
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-26 07:55:35 -03:00
ruchikajha95
570ac40025
Promote MDC Logging Feature to Supported State
...
Closes #41205
Signed-off-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Ruchika Jha <ruchika@li-0551ffcc-341d-11b2-a85c-a28deda416be.ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-25 18:53:34 +00:00
Awambeng
8406cf34fb
[OID4VCI]: Realm-Configurable Time-Claim Normalization (Randomize/Round) to Mitigate Correlation ( #43834 )
...
Closes #43399
Signed-off-by: Awambeng <awambengrodrick@gmail.com >
2025-11-24 11:07:07 +01:00
Sebastian Łaskawiec
081d8e5a01
Move Kubernetes IdP to preview
...
Closes #42947
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-22 12:56:09 +01:00
Stian Thorgersen
2a78bc67d7
Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. ( #44325 )
...
Closes #44253
Closes #42987
Closes #44063
Signed-off-by: stianst <stianst@gmail.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
2025-11-22 12:53:22 +01:00
Alexander Schwartz
bb971dc6fc
Efficient row-count on PostgreSQL
...
Closes #44057
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-21 12:28:09 +01:00
Pedro Ruivo
13ef89664c
More accurate user session expiration logic
...
Closes #44204
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
2025-11-19 21:06:17 +01:00
Alexander Schwartz
15a9a36569
Align formatting of referenced RFCs
...
Closes #44246
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Stian Thorgersen <stian@redhat.com >
2025-11-17 21:30:13 +01:00
Alexander Schwartz
167249dd6c
Updating the specifics around kubernetes service accounts
...
Closes #44064
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-17 11:23:39 +01:00
Ricardo Martin
20f9bb1570
Fix recaptcha links to the new docs.cloud.google.com site
...
Closes #44187
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-11-14 09:37:54 +01:00
Chance Coleman
b2317dabdc
Add configurable HTTP retry mechanism for OCSP validation ( #42535 )
...
Closes #42401
Signed-off-by: UnicornChance <chance@defenseunicorns.com >
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com >
2025-11-13 13:21:13 +01:00
vramik
748b58bf64
Remove creation of default policy, resource and permission upon enabling authorization for a client
...
Closes #43867
Signed-off-by: vramik <vramik@redhat.com >
2025-11-13 09:14:56 -03:00
Sebastian Łaskawiec
3288f83dc9
Adding an integration test with Minikube for Kubernetes Service Account Federated Authenticator
...
Closes #42983
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-13 08:52:46 +01:00
Ricardo Martin
de49500393
Client policy to enforce only downscoping in Token Exchange ( #44030 )
...
Closes #43931
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-11-12 08:48:42 +01:00
Martin Kanis
39e1e40be4
Document missing artifact dependency for UserStoragePrivateUtil
...
Closes #43212
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2025-11-10 10:41:12 -03:00
Martin Bartoš
1f9694358f
Ability to enable/disable feature via single property ( #43542 )
...
* Ability to enable/disable feature via single property
Closes #43541
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Provide support for specifying profile preview
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Remove duplication check, use the new WildcardOptionUtil
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Create quarkus specific single profile config resolver
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Remove the feature profile capability for single feature option
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-11-07 13:35:39 +01:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication ( #43963 )
...
Closes #43552
Signed-off-by: stianst <stianst@gmail.com >
2025-11-05 10:13:40 -03:00
KONSTANTINOS GEORGILAKIS
1c0d4616a5
hide scopes from scopes_supported in discovery endpoint
...
Closes #10388
Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-11-03 16:26:12 +00:00
蔡秀吉
e84a1d6363
Fix typos and formatting in OIDC auth flows documentation
...
Closes #43818
Signed-off-by: thc1006 <84045975+thc1006@users.noreply.github.com >
2025-11-01 19:14:41 +00:00
Tobi
479859a7a3
Add new indices on offline_client_session
...
Closes #43566
Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-10-31 17:49:47 +01:00
Martin Bartoš
8502cc3ae1
Including OTLP headers for tracing ( #43122 )
...
* Including OTLP headers for tracing
Closes #41007
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Polishing, add test for the util class, address review
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
* Remove the WildcardOptionsUtil#isKcWildcardOption
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-10-31 15:46:05 +01:00
Pedro Ruivo
e40c5de050
Session cache affinity
...
Closes #42776
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-10-30 21:01:09 +00:00
Alexander Schwartz
0f01444543
Allow only normalized paths in requests ( #43765 )
...
Closes #43763
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
2025-10-30 14:37:50 +01:00
Pedro Ruivo
6317c02a27
Refactor AuthenticationSessionManager
...
Closes #43825
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-10-30 12:26:07 +01:00
Marek Posolda
2fc5419676
Avoid using UserCredentialManager from user storage extensions ( #43695 )
...
closes #43694
Signed-off-by: mposolda <mposolda@gmail.com >
2025-10-29 16:26:59 +01:00
Alexander Schwartz
aadffb94fb
Fix typo in LDAP edit mode in the docs
...
Closes #43720
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com >
2025-10-27 08:42:44 -03:00
Pedro Igor
6527b139dc
Do not lower-case username and email if users are not imported from LDAP
...
Closes #43621
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-10-23 13:02:33 +02:00
Pedro Igor
2b785425fa
Allow managing realm admin roles if the the realm-admin role is granted
...
Closes #43579
Closes #43578
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com >
2025-10-23 08:02:05 -03:00
Stian Thorgersen
f6ac64907d
SPIFFE should support OIDC JWK endpoint ( #43651 )
...
Closes #43650
Signed-off-by: stianst <stianst@gmail.com >
2025-10-22 15:19:56 +02:00
Stian Thorgersen
84a161d4dd
Extract related methods from IdentityProvider to UserIdentityProvider ( #43535 )
...
Closes #43534
Signed-off-by: stianst <stianst@gmail.com >
2025-10-21 14:27:07 +00:00