Pedro Igor
87430fc181
Add impersonate-members scope to group resource type
...
Closes #38566
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-04-07 14:56:27 +00:00
vramik
6488890585
[FGAP:V2] remove configure scope from Client resource type
...
Closes #38567
Signed-off-by: vramik <vramik@redhat.com >
2025-04-07 07:05:02 -03:00
Marek Posolda
f984644d07
Clarify in documentation that legacy token exchange requires FGAP:v1 ( #38694 )
...
closes #38693
Signed-off-by: mposolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
2025-04-07 08:27:56 +02:00
Alexander Schwartz
d69a530d5b
Check HTML head for redirects
...
Closes #38655
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-04-04 18:40:41 +02:00
vramik
f076b99407
FGAP documentation
...
Closes #37245
Signed-off-by: vramik <vramik@redhat.com >
2025-04-03 09:44:32 -03:00
rmartinc
a10c8119d4
Define a max expiration window for Signed JWT client authentication
...
Closes #38576
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-04-02 18:32:54 +02:00
Stian Thorgersen
a18948f731
Reorder items in release notes for 26.2 ( #38290 )
...
Signed-off-by: stianst <stianst@gmail.com >
2025-03-20 11:52:53 +01:00
Marek Posolda
290905c9cf
Documentation for supported token-exchange ( #38008 )
...
closes #37126
Signed-off-by: Marek Posolda <mposolda@gmail.com >
Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
2025-03-14 09:55:44 +01:00
Steven Hawkins
d9c3511fa5
fix: adding a check if the proxy is trusted prior to using a cert header ( #37465 )
...
closes : #35861
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
2025-03-12 11:21:33 +01:00
Stefan Guilhen
86b2a6a95c
Fix docs to also mention roles
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
Closes #28569
Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com >
2025-03-10 16:13:36 -03:00
Stefan Guilhen
d44ebfd4d1
Document the addition of the Relative User Creation DN
...
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2025-03-10 16:13:36 -03:00
Alexander Schwartz
151e019935
Make NetworkPolicy supported and enabled by default
...
Closes #36036
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com >
2025-03-10 11:12:38 +01:00
Alexander Schwartz
b1785ce179
Quote a link that shouldn't be rendered as a link
...
This should not be clickable.
Closes #37765
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-03-06 16:50:04 -03:00
Alexander Schwartz
bc7ec1208e
Enable the TLS based JGroups encryption by default and update the docs
...
Closes #37696
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-03-03 10:50:51 -03:00
Martin Bartoš
6f0ed46404
Upgrade to Quarkus 3.19.0.CR1 ( #37492 )
...
Closes #37436
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-02-24 19:52:01 +01:00
Václav Muzikář
764ca50fc4
Upgrade to Quarkus 3.18.2 ( #37300 )
...
* Upgrade to Quarkus 3.18.2
Closes #37056
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
* Update docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz >
---------
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
2025-02-17 16:30:05 +01:00
rmartinc
6850f41060
Force login in reset-credentials to federated users
...
Closes #37207
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-02-12 13:47:39 -03:00
Giuseppe Graziano
7896af5827
Remove Node.js adapter documentation ( #36573 )
...
closes #36440
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2025-01-28 12:23:17 +01:00
vramik
b5c95e9f1c
Update index-creation-threshold in migrate_db.adoc
...
Closes #36669
Signed-off-by: vramik <vramik@redhat.com >
2025-01-23 15:45:13 +01:00
Martin Bartoš
af3f6281b8
ExternalLinksTest is broken after Keycloak 26.1.0 release
...
Fixes #36486
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-01-15 13:12:55 +01:00
Stian Thorgersen
c1c147cb17
Restrict access to environment variables when at the server runtime ( #36472 )
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-01-15 09:36:19 +01:00
Selvi
db5a8466ad
Remove duplicate "the" in documentation ( #36329 )
...
Signed-off-by: Selvi <SelviA@users.noreply.github.com >
2025-01-09 16:12:30 +01:00
Marek Posolda
4ab34f4816
Updating release notes with core-clients contributions and features ( #36066 )
...
closes #35953
Signed-off-by: mposolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
2024-12-20 10:15:55 +01:00
Jan Verhaeghe
56246096e0
Align on one realm-name placeholder
...
Closes #36047
Signed-off-by: Jan Verhaeghe <jan@hwfaq.be >
2024-12-19 13:48:18 +00:00
Steven Hawkins
cb1d28d043
fix: deprecating the default db value in production mode ( #35674 )
...
closes : #23805
Fix typo in docs, some improvements
adding a negative assertion
Update docs/documentation/upgrading/topics/changes/changes-26_1_0.adoc
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
2024-12-13 11:59:55 +01:00
Marek Posolda
0265cb6254
Update upgrading notes with the changes related to core clients ( #35860 )
...
closes #35859
Signed-off-by: mposolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
2024-12-13 10:12:37 +01:00
Alexander Schwartz
7c4a5aed77
Restructuring the migration guide ( #35724 )
...
Closes #35487
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2024-12-10 12:07:32 +01:00
Alexander Schwartz
13e3439246
Upgrading guide 26.0.6 is missing in the upgrading guide ( #35545 )
...
Closes #35544
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2024-12-03 11:58:32 +01:00
Stefan Guilhen
9861acc2aa
UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline)
...
Closes #31359
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com >
2024-11-29 12:35:15 -03:00
Giuseppe Graziano
a659c8d1cb
Sign AUTH_SESSION_ID cookie ( #35297 )
...
closes #34027
Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com >
2024-11-28 17:28:52 +01:00
Martin Kanis
20770d8aaa
Fix upgrading guide about deprecation of getAll() methods in the organization APIs
...
Closes #34975
Signed-off-by: Martin Kanis <mkanis@redhat.com >
2024-11-25 10:10:02 +01:00
rmartinc
b0b247f1f1
Passivate imported keys if the associate certificate is expired
...
Closes #34973
Signed-off-by: rmartinc <rmartinc@redhat.com >
2024-11-25 09:40:59 +01:00
Cornelius Roemer
29abfd3e89
Fix typos in *.md and *.adoc files using codespell interactive mode
...
Closes #35256
This PR fixes a bunch of typos in docs files.
I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.
The most widely read file with typos identified is likely the changelog/migration guide.
Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com >
2024-11-25 08:21:26 +01:00
Cornelius Roemer
e11db03d76
fix(doc): v24 changelog grammar typo "longer" -> "no longer" ()
...
Closes #35163
The missing "no" makes this really confusing to read
Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com >
2024-11-22 11:56:48 +01:00
Václav Muzikář
d60cb9aaef
fix: prevent inclusion of characters that could lead to FileVault path traversal ( #35223 )
...
Closes : #35215
Signed-off-by: Peter Zaoral <pzaoral@redhat.com >
Co-authored-by: Peter Zaoral <pepo48@gmail.com >
2024-11-22 10:18:00 +01:00
Marek Posolda
a56378e989
Remove upgrading client libraries from the server documentation ( #35101 )
...
closes #34949
Signed-off-by: mposolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
2024-11-20 16:14:42 +01:00
michielpeeters
cec081961b
Update upgrade guide docs 25.0.0 cache options
...
Closes #34987
Signed-off-by: michielpeeters <michielpeeters@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-11-15 14:27:57 +01:00
Marek Posolda
92d9ac6621
Update KEYCLOAK_SESSION cookie to not have sessionId in plaintext ( #34551 )
...
closes #34026
Signed-off-by: mposolda <mposolda@gmail.com >
2024-11-11 18:47:18 +01:00
Pedro Ruivo
d7e5319f70
Document network ports for Keycloak clustering
...
Also switch the default to jdbc-ping as this should be a drop-in replacement looking at the networking behavior of udp.
Closes #34658
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-11-11 13:28:15 +01:00
Pedro Igor
0a05ba49d1
Adding a details map to admin events to store additional contextual data when the event is fired
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
2024-11-07 17:19:43 -03:00
Pedro Ruivo
33cae33ae4
Remove JGroups thread pool docs from HA Guide
...
Clustering is disabled with multi-site deployment and there is no
JGroups thread pool to configure.
Closes #34715
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-11-07 09:00:48 +00:00
Ricardo Martin
226daa41c7
Add service account mappers via client scope instead of dedicated scope ( #34664 )
...
Closes #10417
Signed-off-by: rmartinc <rmartinc@redhat.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Signed-off-by: Ricardo Martin <rmartinc@redhat.com >
2024-11-07 08:45:11 +01:00
Ricardo Martin
ce454bda47
Remove online session when offline access is requested as the first request ( #34346 )
...
Closes #34001
Signed-off-by: rmartinc <rmartinc@redhat.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
---------
Signed-off-by: rmartinc <rmartinc@redhat.com >
Signed-off-by: Marek Posolda <mposolda@gmail.com >
Co-authored-by: Marek Posolda <mposolda@gmail.com >
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com >
2024-11-06 08:33:12 +01:00
Ryan Emerson
a79b67cac8
Deprecate other transport stacks (ec2, azure, google)
...
Closes #34253
Signed-off-by: Ryan Emerson <remerson@redhat.com >
2024-10-31 11:47:13 +01:00
Andy
f994cc54d5
Remove robots.txt entirely
...
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.
Closes #17433
Signed-off-by: Andy <andy@slice.is >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-25 12:09:50 +00:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
...
Closes #29399
- Add ProviderFactory#dependsOn to allow dependencies between
ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close
Signed-off-by: Ryan Emerson <remerson@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-22 20:19:19 +00:00
Pedro Ruivo
fffa9aa72e
Enable virtual threads in Infinispan and JGroups by default
...
Closes #33939
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-21 16:02:28 +00:00
Jon Koops
7657e71be1
Automatically retrieve configuration for authorization
...
Closes #14562
Signed-off-by: Jon Koops <jonkoops@gmail.com >
2024-10-18 14:03:36 +02:00
Pedro Ruivo
464fc90519
Fail to start if work cache is not replicated
...
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.
Closes #33702
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-09 19:40:24 +00:00
Pedro Ruivo
0e3554934e
Read cache-ispn.xml from conf/ by default
...
Fixed #31492
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-09 16:40:17 +00:00