mirrors/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-25 16:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 24 Branches 291 Tags
main
Commit Graph

1554 Commits

Author SHA1 Message Date
Pedro Ruivo
2f4f36eabc Add realm id column to offline_client_session table 
Closes #44424

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-23 16:28:34 +01:00
Alexander Schwartz
e278a2f6fd Changing default clock skew for not-issued-before to 10 seconds 
Closes #45620

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-22 19:11:10 +01:00
Martin Bartoš
57f0b15c80 OTEL: Add Telemetry options to Keycloak CR (#45397) 
* OTEL: Add Telemetry options to Keycloak CR

Closes #45348

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

* Add validation to resource attributes

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Avoid unnecessary warning logs during the operator tests execution

Closes #45623

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc

Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2026-01-22 16:02:06 +00:00
rmartinc
50366f03a6 Documentation for Authorization Chaining Across Domains 
Closes #45466

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-22 16:33:27 +01:00
Nate Drake
139de283cc Add missing space to fix markdown code rendering (#45621) 
Signed-off-by: Nate Drake <ndrake@gmail.com>
 2026-01-22 15:59:24 +01:00
Alexander Schwartz
2cfef40ee3 Fix broken link for link in upgrading guide 
Closes #45643

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-22 11:50:06 +01:00
Vlasta Ramik
2f0689576b Possible mismatch of charset/collation between columns on mysql/mariadb (#45632) 
* Possible mismatch of charset/collation between columns on mysql/mariadb

Closes #45597

Signed-off-by: vramik <vramik@redhat.com>
 2026-01-22 07:17:04 -03:00
rmartinc
7e20b87136 Add abstract property for themes and do not display base for selection 
Closes #41924

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-21 15:42:52 +01:00
Ruchika Jha
dbd8d47036 Upgrade command rolling updates for patch releases / step 3: Infinispan/JGroups 
Closes #38884

Signed-off-by: Ruchika <ruchika.jha1@ibm.com>
 2026-01-21 15:16:18 +01:00
Alexander Schwartz
cc8947a060 Keycloak should not allow matrix parameters in URLs as we don't use them 
Closes #45533

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 19:45:02 -03:00
Martin Bartoš
1138952ba7 Provide HTTP access logs written to file with rotation (#45437) 
Closes #41353

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-20 15:16:33 +01:00
Luca Tronchin
a351784c33 Remove empty labels from keycloak_user_events_total metric (#45583) 
Closes #45582

Signed-off-by: Luca Tronchin <ltronky@gmail.com>
 2026-01-20 13:18:27 +01:00
Alexander Schwartz
dd0214bc78 Do not use whitelist/blacklist in the UI 
Closes #45539

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 11:12:23 +01:00
Alexander Schwartz
5724ae1534 Updating specifications list to show DPoP as supported 
Closes #45584

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 09:35:26 +01:00
Martin Bartoš
137a35c110 Mask certain HTTP headers and cookies in the HTTP access log (#45400) 
* Mask certain HTTP headers and cookies in the HTTP access log

Closes #43811

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

* Improve tests, Improve docs

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix test

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2026-01-19 19:01:45 +01:00
Pedro Igor
c8a41dea99 Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-19 08:30:47 -03:00
rmartinc
07b9b9656b Allow client_id as an audience in the JWT Authorization Grant and Client Assertions 
Closes #45178

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-16 15:48:28 +01:00
Ruchika Jha
e2e11a3b8e Hide Remember Me session settings when Remember Me is disabled in realm settings edit page in UI 
Closes #44973

Signed-off-by: Ruchika <ruchika.jha1@ibm.com>
Signed-off-by: Ruchika Jha <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-15 16:46:50 +00:00
Pedro Igor
ab351170b4 Support aggregated policies during partial evaluation 
Closes #45324

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:20:52 +01:00
Pedro Igor
37ff64446b Allow hide organization brokers when the user does not map to any organization during login 
Closes #45422

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:19:43 +01:00
Alexander Schwartz
391593cfa7 Implement asynchronous logging when called from nonblocking threads 
Closes #45015

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-15 09:20:34 -03:00
Martin Bartoš
ab25c8e059 Fix link to OpenTelemetry guide in logging 
Closes keycloak/keycloak-web#692

Co-authored-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-15 11:05:21 +01:00
Ryan Emerson
349c722ed9 Update multi-cluster documentation for zero-downtime upgrades 
Closes #45338

Parts of the Infinispan docs for the in-place update of patch releases rely on ISPN16 behavior.

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-14 12:35:03 +01:00
Stian Thorgersen
198730cd0d Allow absolute path for cache-config-file (#45416) 
Closes #19374

Signed-off-by: stianst <stianst@gmail.com>
 2026-01-14 11:05:50 +00:00
Pedro Igor
cca5ef44fa Updating the documentation 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-13 16:42:07 -03:00
Ryan Emerson
c8635f9bf2 ISPN16: Upgrade to Infinispan 16.0.5 
Closes #45341

- Remove query modules
- Remove unused config file
- Update config file versions
- Update jgroups attributes
- Remove ISPN-16595 workaround
- Call HotRodServer#postStart in HotRodServerRule to start caches as well as the server
- Simplify cluster-ha.xml
- Utilise org.infinispan.commons.util.TimeQuantity in CacheConfiguration
- Cleanup when InfinispanContainer startup fails
- RemoteUserSessionProvider remote query calls must not use negative values for offsets and maxResults
- Remove use of deprecated org.infinispan.server.test.core.InfinispanContainer class
- Use testcontainers-infinispan dependency
- Explicitly utilise "legacy" metrics
- Remove explicit `name-as-tags` configuration as Infinispan 16 defaults to true
- Remove test configuration not required since #31807

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-13 17:26:43 +01:00
Giuseppe Graziano
23aad2a942 DPoP Guide (#45274) 
Closes #42747

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-13 11:01:28 +01:00
Ryan Emerson
141bcee4dd Document that the the HA architectures are tested with Openshift 4.18 
Closes #45360

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-13 09:10:28 +01:00
Pedro Igor
c33d94da65 Allow admins with any admin role to map roles if the constraints apply 
Closes #44371
Closes #45182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-12 12:56:30 -03:00
Stan Silvert
eb77c055f5 Clarify documentation. 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:36:10 -03:00
Ryan Emerson
172aa86c6d Increase the regularly tested load documented in HA guides 
Closes #45233

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-12 14:02:51 +01:00
mposolda
1273c8db0e DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post 
closes #44403

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-12 09:54:04 +01:00
Ryan Emerson
f8b114bdd8 Add indexes to BROKER_LINK table 
Closes #45009

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-09 16:09:40 +00:00
Alexander Schwartz
234526761e Fix section level in 26.5 migration guide 
Closes #45184

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2026-01-07 07:54:06 -03:00
Ryan Emerson
4a2ed7c4e6 Use correct anchor for mdc logging in 26.5.0 release notes 
Closes #45185

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-06 17:21:48 +01:00
olympus5
ffed84194e Realign source code examples in auth-spi doc 
closes #43757

Signed-off-by: olympus5 <erwan.iquel@gmail.com>
 2026-01-06 12:18:42 +01:00
Pedro Igor
0d5766f3a8 Allow running scheduled workflows 
Closes #44865

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 13:03:47 -03:00
Alexander Schwartz
e43cf55028 Finalizing 26.5 release notes 
Closes #45131

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2026-01-05 14:10:32 +01:00
Pedro Igor
3c0b308bb7 Document limitations when updating workflows 
Closes #45134

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 14:10:03 +01:00
Alexander Schwartz
a6bf194487 Remove usage of kcSanitize() to avoid printing HTML (#44755) 
Closes #44753


Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 10:45:32 +01:00
Ryan Emerson
cafa1a86eb Disable state transfer for session caches when persistent sessions are enabled 
Closes #44518

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 08:53:59 +00:00
Ruchika Jha
60b369c622 Validate client session timeout and lifetime settings on realm settings edit 
Closes #44910

Signed-off-by: Ruchika <Ruchika.Jha1@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 08:50:56 +00:00
Jens Erat
adeb41e82b Extend documentation on ServiceMonitor creation (#45071) 
The documentation so far only mentions how to disable the ServiceMonitor, leading to the assumption that it is enabled by default.

Getting a service monitor created also requires enabling metrics in keycloak, though:

658faf210f/operator/src/main/java/org/keycloak/operator/controllers/KeycloakServiceMonitorDependentResource.java (L50)

While the missing setting creates a warning, the administrator should already have this information before applying the configuration.

Closes #45070

Signed-off-by: Jens Erat <email@jenserat.de>
 2026-01-05 09:10:18 +01:00
Stian Thorgersen
f2c527239d Update JNDI reference in LDAP referrals documentation (#45129) 
Clarified the term 'JNDI' in the LDAP referrals section.

Closes #45040
 2026-01-05 09:01:40 +01:00
Robin Meese
0d0d468f27 Add ability to delete offline sessions via account console 
Closes #15502

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2026-01-05 08:26:47 +01:00
Christian Ja
374e45b883 Use default locale from realm an intermediate fallback 
closes #40990

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-01 14:23:33 +00:00
Robin Meese
35ee49b5d4 Add logout event to UserSessionLimitsAuthenticator 
Closes #44843

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-01 13:22:54 +00:00
Stefan Guilhen
43634dd2ed Update docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Stefan Guilhen
9865791084 Fix wrong provider references in workflows documentation 
Closes #45077

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Robin Meese
0957572751 Add logout event to SessionResource 
Closes #44842

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-12-29 12:25:45 +00:00