Pedro Ruivo
|
2f4f36eabc
|
Add realm id column to offline_client_session table
Closes #44424
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
|
2026-01-23 16:28:34 +01:00 |
|
Alexander Schwartz
|
e278a2f6fd
|
Changing default clock skew for not-issued-before to 10 seconds
Closes #45620
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-22 19:11:10 +01:00 |
|
Martin Bartoš
|
57f0b15c80
|
OTEL: Add Telemetry options to Keycloak CR (#45397)
* OTEL: Add Telemetry options to Keycloak CR
Closes #45348
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
* Add validation to resource attributes
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Avoid unnecessary warning logs during the operator tests execution
Closes #45623
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Update docs/documentation/upgrading/topics/changes/changes-26_6_0.adoc
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
|
2026-01-22 16:02:06 +00:00 |
|
Nate Drake
|
139de283cc
|
Add missing space to fix markdown code rendering (#45621)
Signed-off-by: Nate Drake <ndrake@gmail.com>
|
2026-01-22 15:59:24 +01:00 |
|
rmartinc
|
7e20b87136
|
Add abstract property for themes and do not display base for selection
Closes #41924
Signed-off-by: rmartinc <rmartinc@redhat.com>
|
2026-01-21 15:42:52 +01:00 |
|
Alexander Schwartz
|
cc8947a060
|
Keycloak should not allow matrix parameters in URLs as we don't use them
Closes #45533
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-20 19:45:02 -03:00 |
|
Martin Bartoš
|
137a35c110
|
Mask certain HTTP headers and cookies in the HTTP access log (#45400)
* Mask certain HTTP headers and cookies in the HTTP access log
Closes #43811
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
* Improve tests, Improve docs
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Fix test
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
|
2026-01-19 19:01:45 +01:00 |
|
Alexander Schwartz
|
391593cfa7
|
Implement asynchronous logging when called from nonblocking threads
Closes #45015
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
|
2026-01-15 09:20:34 -03:00 |
|
mposolda
|
1273c8db0e
|
DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post
closes #44403
Signed-off-by: mposolda <mposolda@gmail.com>
|
2026-01-12 09:54:04 +01:00 |
|
Ryan Emerson
|
f8b114bdd8
|
Add indexes to BROKER_LINK table
Closes #45009
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-09 16:09:40 +00:00 |
|
Alexander Schwartz
|
234526761e
|
Fix section level in 26.5 migration guide
Closes #45184
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
|
2026-01-07 07:54:06 -03:00 |
|
Alexander Schwartz
|
e43cf55028
|
Finalizing 26.5 release notes
Closes #45131
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
|
2026-01-05 14:10:32 +01:00 |
|
Alexander Schwartz
|
a6bf194487
|
Remove usage of kcSanitize() to avoid printing HTML (#44755)
Closes #44753
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-05 10:45:32 +01:00 |
|
Ryan Emerson
|
cafa1a86eb
|
Disable state transfer for session caches when persistent sessions are enabled
Closes #44518
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-05 08:53:59 +00:00 |
|
Ruchika Jha
|
60b369c622
|
Validate client session timeout and lifetime settings on realm settings edit
Closes #44910
Signed-off-by: Ruchika <Ruchika.Jha1@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-05 08:50:56 +00:00 |
|
Stian Thorgersen
|
f2c527239d
|
Update JNDI reference in LDAP referrals documentation (#45129)
Clarified the term 'JNDI' in the LDAP referrals section.
Closes #45040
|
2026-01-05 09:01:40 +01:00 |
|
Robin Meese
|
0d0d468f27
|
Add ability to delete offline sessions via account console
Closes #15502
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
|
2026-01-05 08:26:47 +01:00 |
|
Christian Ja
|
374e45b883
|
Use default locale from realm an intermediate fallback
closes #40990
Signed-off-by: Christian Janker <christian.janker@gmx.at>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-01 14:23:33 +00:00 |
|
Robin Meese
|
35ee49b5d4
|
Add logout event to UserSessionLimitsAuthenticator
Closes #44843
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2026-01-01 13:22:54 +00:00 |
|
Robin Meese
|
0957572751
|
Add logout event to SessionResource
Closes #44842
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
|
2025-12-29 12:25:45 +00:00 |
|
Sebastian Łaskawiec
|
9597537bf3
|
Additional fields for the Welcome Resource (#44758)
* Additional fields added to the Welcome Page
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
* Updated the order of fields
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
---------
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
|
2025-12-17 13:11:44 +01:00 |
|
Martin Kanis
|
012cefb654
|
The existence of an organization attribute called id is not validated
Closes #44522
Signed-off-by: Martin Kanis <mkanis@redhat.com>
|
2025-12-17 08:05:32 -03:00 |
|
Steven Hawkins
|
148d14816c
|
fix: allowing settable connection request timeout (#44592)
also defaulting to 5000
closes: #44500
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
|
2025-12-16 16:35:01 +00:00 |
|
Ruchika Jha
|
26fe8dc7d8
|
Added validation for client session timeout post comparing the realm session timeouts
Closes #41019
Signed-off-by: ruchikajha95 <Ruchika.Jha1@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-12-11 13:58:04 +01:00 |
|
Martin Bartoš
|
8def691053
|
[OTel] Provide general options for telemetry settings (#41705)
* [OTel] Provide general options for telemetry settings
Closes #41263
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Update docs/guides/observability/telemetry.adoc
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Provide release notes and deprecation note
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
* Ignore link to the telemetry guide for now
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
---------
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
|
2025-12-10 12:03:46 +00:00 |
|
Christian Glasmachers
|
921b10ee80
|
Login failure cache: Evict entries after the configured failure reset time
Closes #44801
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
|
2025-12-10 11:20:19 +01:00 |
|
vramik
|
5dbc91e028
|
Deprecate Fine-Grained Admin Permissions v1
Closes #44121
Signed-off-by: vramik <vramik@redhat.com>
|
2025-12-08 10:26:27 -03:00 |
|
Alexander Schwartz
|
2f81a2fb76
|
Updating and ordering the release notes
Closes #44706
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-12-08 10:55:33 +01:00 |
|
Sebastian Schuster
|
b5178a2bec
|
Added section on recommended isolation level to db guides
Closes #44611
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-12-05 14:48:31 +01:00 |
|
forkimenjeckayang
|
4dd68c0316
|
[OID4VCI] Conformance Test Fixes (#44439)
closes #44659
Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
|
2025-12-04 09:03:38 +01:00 |
|
Pedro Ruivo
|
3ed15e740a
|
Add new option to schedule user session expiration
Closes #44068
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Ryan Emerson <remerson@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Ryan Emerson <remerson@ibm.com>
|
2025-11-27 23:01:32 +01:00 |
|
Alexander Schwartz
|
2210b1ed50
|
Avoid un-escaped strings in the login templates for HTML entities
Closes #44296
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-11-26 07:55:35 -03:00 |
|
Stian Thorgersen
|
2a78bc67d7
|
Refactoring around federated client authenticator to better handling lookup of IdPs and clients. Also, introducing updates to documentation. (#44325)
Closes #44253
Closes #42987
Closes #44063
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
|
2025-11-22 12:53:22 +01:00 |
|
Alexander Schwartz
|
bb971dc6fc
|
Efficient row-count on PostgreSQL
Closes #44057
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-11-21 12:28:09 +01:00 |
|
Alexander Schwartz
|
15a9a36569
|
Align formatting of referenced RFCs
Closes #44246
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
|
2025-11-17 21:30:13 +01:00 |
|
Chance Coleman
|
b2317dabdc
|
Add configurable HTTP retry mechanism for OCSP validation (#42535)
Closes #42401
Signed-off-by: UnicornChance <chance@defenseunicorns.com>
Signed-off-by: Chance Coleman <139784371+chance-coleman@users.noreply.github.com>
|
2025-11-13 13:21:13 +01:00 |
|
vramik
|
748b58bf64
|
Remove creation of default policy, resource and permission upon enabling authorization for a client
Closes #43867
Signed-off-by: vramik <vramik@redhat.com>
|
2025-11-13 09:14:56 -03:00 |
|
Stian Thorgersen
|
b278dbbb3d
|
Allow identity provider configuration without defaults for user authentication (#43963)
Closes #43552
Signed-off-by: stianst <stianst@gmail.com>
|
2025-11-05 10:13:40 -03:00 |
|
Tobi
|
479859a7a3
|
Add new indices on offline_client_session
Closes #43566
Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-10-31 17:49:47 +01:00 |
|
Pedro Ruivo
|
e40c5de050
|
Session cache affinity
Closes #42776
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-10-30 21:01:09 +00:00 |
|
Alexander Schwartz
|
0f01444543
|
Allow only normalized paths in requests (#43765)
Closes #43763
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
|
2025-10-30 14:37:50 +01:00 |
|
Pedro Ruivo
|
6317c02a27
|
Refactor AuthenticationSessionManager
Closes #43825
Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-10-30 12:26:07 +01:00 |
|
Marek Posolda
|
2fc5419676
|
Avoid using UserCredentialManager from user storage extensions (#43695)
closes #43694
Signed-off-by: mposolda <mposolda@gmail.com>
|
2025-10-29 16:26:59 +01:00 |
|
Pedro Igor
|
2b785425fa
|
Allow managing realm admin roles if the the realm-admin role is granted
Closes #43579
Closes #43578
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
|
2025-10-23 08:02:05 -03:00 |
|
Stian Thorgersen
|
84a161d4dd
|
Extract related methods from IdentityProvider to UserIdentityProvider (#43535)
Closes #43534
Signed-off-by: stianst <stianst@gmail.com>
|
2025-10-21 14:27:07 +00:00 |
|
Alexander Schwartz
|
6080f21c64
|
Adding this as a breaking change plus deprecation
Closes #43022
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-10-21 09:58:33 -03:00 |
|
Martin Bartoš
|
419afce847
|
Fix anchors in the documentation
Closes #43084
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
|
2025-10-21 12:33:32 +00:00 |
|
Pedro Igor
|
c5b560e2d8
|
Update user profile to allow returning a brief user representation
Closes #42225
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
|
2025-10-21 12:52:31 +02:00 |
|
Ronaldo Paulino Jiconda
|
987ce19b45
|
Fix OIDC IDP broker basic auth encoding
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.
Closes #26374
Closes #43022
Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
|
2025-10-20 23:48:24 +02:00 |
|
Steven Hawkins
|
736d4920d7
|
fix: noting db support level changes (#43549)
closes: #43191
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
|
2025-10-17 14:01:10 +02:00 |
|