mirrors/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-25 16:42:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
NaN Commits 24 Branches 291 Tags
main
Commit Graph

938 Commits

Author SHA1 Message Date
Pedro Ruivo
2f4f36eabc Add realm id column to offline_client_session table 
Closes #44424

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2026-01-23 16:28:34 +01:00
Alexander Schwartz
e278a2f6fd Changing default clock skew for not-issued-before to 10 seconds 
Closes #45620

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-22 19:11:10 +01:00
Martin Bartoš
57f0b15c80 OTEL: Add Telemetry options to Keycloak CR (#45397) 
* OTEL: Add Telemetry options to Keycloak CR

Closes #45348

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

* Add validation to resource attributes

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Avoid unnecessary warning logs during the operator tests execution

Closes #45623

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc

Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2026-01-22 16:02:06 +00:00
Nate Drake
139de283cc Add missing space to fix markdown code rendering (#45621) 
Signed-off-by: Nate Drake <ndrake@gmail.com>
 2026-01-22 15:59:24 +01:00
rmartinc
7e20b87136 Add abstract property for themes and do not display base for selection 
Closes #41924

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-21 15:42:52 +01:00
Alexander Schwartz
cc8947a060 Keycloak should not allow matrix parameters in URLs as we don't use them 
Closes #45533

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 19:45:02 -03:00
Martin Bartoš
1138952ba7 Provide HTTP access logs written to file with rotation (#45437) 
Closes #41353

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-20 15:16:33 +01:00
Alexander Schwartz
dd0214bc78 Do not use whitelist/blacklist in the UI 
Closes #45539

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-20 11:12:23 +01:00
Martin Bartoš
137a35c110 Mask certain HTTP headers and cookies in the HTTP access log (#45400) 
* Mask certain HTTP headers and cookies in the HTTP access log

Closes #43811

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

* Improve tests, Improve docs

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix test

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2026-01-19 19:01:45 +01:00
Pedro Igor
c8a41dea99 Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-19 08:30:47 -03:00
rmartinc
07b9b9656b Allow client_id as an audience in the JWT Authorization Grant and Client Assertions 
Closes #45178

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-01-16 15:48:28 +01:00
Ruchika Jha
e2e11a3b8e Hide Remember Me session settings when Remember Me is disabled in realm settings edit page in UI 
Closes #44973

Signed-off-by: Ruchika <ruchika.jha1@ibm.com>
Signed-off-by: Ruchika Jha <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-15 16:46:50 +00:00
Pedro Igor
ab351170b4 Support aggregated policies during partial evaluation 
Closes #45324

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:20:52 +01:00
Pedro Igor
37ff64446b Allow hide organization brokers when the user does not map to any organization during login 
Closes #45422

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-15 15:19:43 +01:00
Alexander Schwartz
391593cfa7 Implement asynchronous logging when called from nonblocking threads 
Closes #45015

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2026-01-15 09:20:34 -03:00
Pedro Igor
cca5ef44fa Updating the documentation 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-13 16:42:07 -03:00
Giuseppe Graziano
23aad2a942 DPoP Guide (#45274) 
Closes #42747

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-01-13 11:01:28 +01:00
Pedro Igor
c33d94da65 Allow admins with any admin role to map roles if the constraints apply 
Closes #44371
Closes #45182

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-12 12:56:30 -03:00
Stan Silvert
eb77c055f5 Clarify documentation. 
Signed-off-by: Stan Silvert <ssilvert@redhat.com>
 2026-01-12 10:36:10 -03:00
mposolda
1273c8db0e DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post 
closes #44403

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-12 09:54:04 +01:00
Ryan Emerson
f8b114bdd8 Add indexes to BROKER_LINK table 
Closes #45009

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-09 16:09:40 +00:00
Alexander Schwartz
234526761e Fix section level in 26.5 migration guide 
Closes #45184

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2026-01-07 07:54:06 -03:00
Ryan Emerson
4a2ed7c4e6 Use correct anchor for mdc logging in 26.5.0 release notes 
Closes #45185

Signed-off-by: Ryan Emerson <remerson@ibm.com>
 2026-01-06 17:21:48 +01:00
olympus5
ffed84194e Realign source code examples in auth-spi doc 
closes #43757

Signed-off-by: olympus5 <erwan.iquel@gmail.com>
 2026-01-06 12:18:42 +01:00
Pedro Igor
0d5766f3a8 Allow running scheduled workflows 
Closes #44865

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 13:03:47 -03:00
Alexander Schwartz
e43cf55028 Finalizing 26.5 release notes 
Closes #45131

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2026-01-05 14:10:32 +01:00
Pedro Igor
3c0b308bb7 Document limitations when updating workflows 
Closes #45134

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-01-05 14:10:03 +01:00
Alexander Schwartz
a6bf194487 Remove usage of kcSanitize() to avoid printing HTML (#44755) 
Closes #44753


Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 10:45:32 +01:00
Ryan Emerson
cafa1a86eb Disable state transfer for session caches when persistent sessions are enabled 
Closes #44518

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 08:53:59 +00:00
Ruchika Jha
60b369c622 Validate client session timeout and lifetime settings on realm settings edit 
Closes #44910

Signed-off-by: Ruchika <Ruchika.Jha1@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-05 08:50:56 +00:00
Stian Thorgersen
f2c527239d Update JNDI reference in LDAP referrals documentation (#45129) 
Clarified the term 'JNDI' in the LDAP referrals section.

Closes #45040
 2026-01-05 09:01:40 +01:00
Robin Meese
0d0d468f27 Add ability to delete offline sessions via account console 
Closes #15502

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2026-01-05 08:26:47 +01:00
Christian Ja
374e45b883 Use default locale from realm an intermediate fallback 
closes #40990

Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-01 14:23:33 +00:00
Robin Meese
35ee49b5d4 Add logout event to UserSessionLimitsAuthenticator 
Closes #44843

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2026-01-01 13:22:54 +00:00
Stefan Guilhen
43634dd2ed Update docs/documentation/server_admin/topics/workflows/understanding-workflow-definition.adoc 
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Stefan Guilhen
9865791084 Fix wrong provider references in workflows documentation 
Closes #45077

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-29 10:29:38 -03:00
Robin Meese
0957572751 Add logout event to SessionResource 
Closes #44842

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-12-29 12:25:45 +00:00
Stefan Guilhen
0d09f755f1 Fix wrong event names in workflows documentation (#45002) 
Closes #45001

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-12-19 13:01:20 -05:00
Peter Zaoral
7da8a8a2e3 feat: add Windows service support (#44496) 
Closes: #37704

Signed-off-by: Peter Zaoral <pepo48@gmail.com>
 2025-12-19 16:55:42 +00:00
Stephan Seifermann
aefecade5c Client cert lookup provider compliant to RFC 9440 (#36161) 
* Client cert lookup provider compliant to RFC 9440 (#20761)

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>

* Release notes

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Stephan Seifermann <seiferma@users.noreply.github.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
 2025-12-19 12:38:54 +01:00
Ricardo Martin
efc75f09b0 Fix link to https://azure.microsoft.com/en-us (#45036) 
Closes #45023

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-12-19 12:27:05 +01:00
Pedro Igor
6a437521a9 Only allow LDAP URL references when following referrals (#44993) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
 2025-12-18 14:27:10 +01:00
Pedro Igor
7512a0412b wip - workflows doc (#44685) 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Stan Silvert <ssilvert@redhat.com>
 2025-12-18 07:52:41 -05:00
Marek Posolda
4b68f6998b Release notes update for Keycloak 26.5 with core-clients related contributions (#44986) 
closes #44192

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-12-18 10:48:27 +01:00
Martin Bartoš
548a89c823 [OTel] Micrometer to OpenTelemetry bridge support for metrics (#41716) 
* [OTel] Micrometer to OpenTelemetry bridge support for metrics

Closes #41006

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Review: Docs rewording

Signed-off-by: Ryan Emerson <remerson@ibm.com>

* Review: Make TELEMETRY Option descriptions consistently use OpenTelemetry to reflect pattern established by telemetry-enabled, telemetry-endpoint etc

Signed-off-by: Ryan Emerson <remerson@ibm.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
 2025-12-17 17:03:56 +01:00
Sebastian Łaskawiec
9597537bf3 Additional fields for the Welcome Resource (#44758) 
* Additional fields added to the Welcome Page

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

* Updated the order of fields

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>

---------

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
 2025-12-17 13:11:44 +01:00
Martin Kanis
012cefb654 The existence of an organization attribute called id is not validated 
Closes #44522

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-12-17 08:05:32 -03:00
Steven Hawkins
148d14816c fix: allowing settable connection request timeout (#44592) 
also defaulting to 5000

closes: #44500

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-12-16 16:35:01 +00:00
Palpable
94ee6d81fb [OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765) 
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
 2025-12-16 14:46:17 +01:00
Martin Bartoš
29fdcedbc8 [OTel] Introduce preview support for OpenTelemetry Logs (#41265) 
Closes #41264

Co-authored-by: Ryan Emerson <remerson@redhat.com

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-12-15 10:50:30 +01:00