Commit Graph

368 Commits

Author SHA1 Message Date
Tobi
479859a7a3 Add new indices on offline_client_session
Closes #43566

Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-31 17:49:47 +01:00
Pedro Ruivo
e40c5de050 Session cache affinity
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-30 21:01:09 +00:00
Alexander Schwartz
0f01444543 Allow only normalized paths in requests (#43765)
Closes #43763

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-10-30 14:37:50 +01:00
Pedro Ruivo
6317c02a27 Refactor AuthenticationSessionManager
Closes #43825

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-30 12:26:07 +01:00
Marek Posolda
2fc5419676 Avoid using UserCredentialManager from user storage extensions (#43695)
closes #43694

Signed-off-by: mposolda <mposolda@gmail.com>
2025-10-29 16:26:59 +01:00
Pedro Igor
2b785425fa Allow managing realm admin roles if the the realm-admin role is granted
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
2025-10-23 08:02:05 -03:00
Stian Thorgersen
84a161d4dd Extract related methods from IdentityProvider to UserIdentityProvider (#43535)
Closes #43534

Signed-off-by: stianst <stianst@gmail.com>
2025-10-21 14:27:07 +00:00
Alexander Schwartz
6080f21c64 Adding this as a breaking change plus deprecation
Closes #43022

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-21 09:58:33 -03:00
Martin Bartoš
419afce847 Fix anchors in the documentation
Closes #43084

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-21 12:33:32 +00:00
Pedro Igor
c5b560e2d8 Update user profile to allow returning a brief user representation
Closes #42225

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-10-21 12:52:31 +02:00
Ronaldo Paulino Jiconda
987ce19b45 Fix OIDC IDP broker basic auth encoding
Ensures that the client_id and client_secret are URL-encoded before being Base64-encoded for the Basic Auth header, following RFC 6749. This fixes authentication failures when the client_id contains special characters.

Closes #26374
Closes #43022

Signed-off-by: rpjicond <ronaldopaulino32@hotmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: rpjicond <ronaldopaulino32@hotmail.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
2025-10-20 23:48:24 +02:00
Steven Hawkins
736d4920d7 fix: noting db support level changes (#43549)
closes: #43191

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-10-17 14:01:10 +02:00
Giuseppe Graziano
bda0e2a67c Invalidate sessions created with remember me when remember me is disabled for realm
Closes #43328

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-10-14 15:00:41 +00:00
Alexander Schwartz
934ac48a54 Rework formatting for release notes
Closes #43320

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-10 07:42:53 -03:00
Steven Hawkins
7bfc33fd5f fix: auto-defaulting log console color (#42669)
closes: #42445

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-10-06 17:14:30 +00:00
Martin Bartoš
70a9a600de ExternalLinksTest is broken due to missing path parameters
Closes #43082

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-10-02 10:15:58 +02:00
Alexander Schwartz
37c808bd11 Reorder the release notes (#43026)
* Reorder the release notes

Closes #42994

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Update docs/documentation/release_notes/topics/26_4_0.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Update docs/documentation/release_notes/topics/26_4_0.adoc

Co-authored-by: Stian Thorgersen <stian@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

* Review

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>

---------

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2025-09-30 06:47:55 +00:00
Pedro Ruivo
53007546ad Deprecate AuthenticatedClientSessionModel timestamp
Closes #42815

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-09-29 14:16:39 +00:00
Stian Thorgersen
dbd516f8e6 Refactor SimpleHttp to make it injectable and usable outside server (#42936)
Closes #42902

Signed-off-by: stianst <stianst@gmail.com>
2025-09-29 08:37:05 +02:00
Martin Bartoš
f53e5ebdac [Docs] Additional datasources support (#42655)
* [Docs] Additional datasources support

Closes #40388

Closes #42263

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Rename namedKey to wildcardKey in the code

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Clarify the defaults for DB kind

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Be more clear about the Named key reference in guide

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Vasek's review

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2025-09-27 08:45:12 +00:00
Václav Muzikář
b65a60e40d Support for EDB 17 (#42341)
Closes #42742
Closes #42293

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2025-09-26 16:04:47 +02:00
rmartinc
1d28c0cd35 Expose system-info information in the serverinfo endpoint only for users in the admin realm
Closes #42828

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-09-24 17:21:57 +02:00
Pedro Igor
73ee2cb3e2 Update upgrade guide about changes in how the parameter is propagated to OPs
Closes #42139

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 09:03:04 -03:00
Pedro Igor
54d2451b35 Make user read-only and a proper error message when the user federation provider is not available
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-09-24 04:03:13 -03:00
Alexander Schwartz
a9ed355bfc Adding missing time column to index
Closes #42792

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-23 07:33:08 -03:00
vramik
23043b40b4 Fix reset-password scope documentation and upgrading guide
Closes #42790

Signed-off-by: vramik <vramik@redhat.com>
2025-09-23 07:31:35 -03:00
Stan Silvert
f99c91291c Remove duplicated themes documentation. (#42571)
* Remove duplicated themes documentation.

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Move Theme SPI documentation to Themes Guide

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix link so test will pass.

Fixes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken links.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

* Fix broken link.

Closes #42396

Signed-off-by: Stan Silvert <ssilvert@redhat.com>

---------

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2025-09-18 10:31:52 +02:00
Pedro Ruivo
f7ff7e55d8 Replace UUID with composite key for client session cache
Closes #42547

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-17 10:25:51 +00:00
Ryan Emerson
728118d62a Validate wait_timeout parameter on MySQL and MariaDB
Closes #42300

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-16 09:38:52 +00:00
andymunro
bbe2beebbb Keycloak 26.4 Upgrading Guide
Closes #42564

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-16 08:59:28 +02:00
Steven Hawkins
ae1e1d3cc3 fix: allows for schedulings to be defined for operator jobs (#42310)
* fix: allows for schedulings to be defined for operator jobs

closes: #42057

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/operator/advanced-configuration.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2025-09-10 16:28:12 +00:00
Alexander Schwartz
473864a45d Fixing the indentation of the sections
Closes #42501

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-10 13:54:50 +02:00
Ryan Emerson
a3c95a2a34 Document tested and supported configurations for single-cluster deployments
Closes #42304

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-09 19:49:22 +00:00
mposolda
5a05d2123e Unbounded login_hint parameter Can Corrupt KC_RESTART Cookie
closes #40857

Signed-off-by: mposolda <mposolda@gmail.com>
2025-09-09 11:05:19 +02:00
Pedro Igor
40476b53d9 fixup! align /users/count with /users behavior around service-accounts 2025-09-08 11:30:45 -03:00
Alexander Schwartz
ad12b418b4 Review
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-05 10:28:32 -03:00
Alexander Schwartz
78dce37197 Update documentation after changes to RFC8414 handling
Closes #42323

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-05 10:28:32 -03:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
2025-09-03 15:10:56 -03:00
Pedro Ruivo
935caa97ea Disable peristent user session batching
Closes #41662

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-01 14:33:21 +00:00
Sebastian Łaskawiec
4c0f071d45 Upgrade Prep doc polishing
Closes #41898

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
2025-08-21 13:19:59 +02:00
Ricardo Martin
46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-08-21 08:16:47 +00:00
Steven Hawkins
b6f039a4cc fix: adding a default for ldap connection timeout (#41726)
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-08-19 16:43:42 +00:00
Sebastian Łaskawiec
988bf9cb0b WelcomeResource do not create temporary admins (#41416)
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
2025-08-18 17:31:26 +02:00
Ryan Emerson
168d9cc090 Simplify Cache Configuration file by removing built-in cache configurations
Closes #41559

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 16:16:56 +00:00
Ricardo Martin
949ef35a3b Allow and control sending UTF-8 emails in the default email sender impl
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 10:43:38 +00:00
Moshie Samuel
6958f57f0a add configurable cooldown for email resend in VerifyEmail
Closes #41331

Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com>
Signed-off-by: moshiem <moshiem@hardcorebiometric.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: moshiem <moshiem@hardcorebiometric.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 07:31:00 +02:00
Alexander Schwartz
7629b7dc53 Show required fields when configuring protocol mappers
Closes #40619

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 07:28:45 +02:00
Dmytro Filipenko
bd5818c4c8 Add HTML5 attributes to prevent password manager interference with OTP
* Closes #41831

Signed-off-by: dmfilipenko <wind.fd@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-14 07:45:53 +00:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822)
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2025-08-12 16:50:17 +02:00
Ryan Emerson
a2fe32617c Default to stretched clusters on Kubernetes when possible
Closes #41666

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-08-08 08:09:04 +02:00