Commit Graph

155 Commits

Author SHA1 Message Date
Pedro Igor
288b6dae12 More information to docs
Closes #38798

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-10 20:03:05 +02:00
Thomas Darimont
478e0b3264 Make sure that there is single audience allowed by default in JWT tokens sent to client authentication
closes #38819

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2025-04-10 18:08:10 +02:00
Pedro Igor
87430fc181 Add impersonate-members scope to group resource type
Closes #38566

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-04-07 14:56:27 +00:00
vramik
6488890585 [FGAP:V2] remove configure scope from Client resource type
Closes #38567

Signed-off-by: vramik <vramik@redhat.com>
2025-04-07 07:05:02 -03:00
Marek Posolda
f984644d07 Clarify in documentation that legacy token exchange requires FGAP:v1 (#38694)
closes #38693

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2025-04-07 08:27:56 +02:00
Alexander Schwartz
d69a530d5b Check HTML head for redirects
Closes #38655

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-04 18:40:41 +02:00
vramik
f076b99407 FGAP documentation
Closes #37245

Signed-off-by: vramik <vramik@redhat.com>
2025-04-03 09:44:32 -03:00
rmartinc
a10c8119d4 Define a max expiration window for Signed JWT client authentication
Closes #38576

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-04-02 18:32:54 +02:00
Stian Thorgersen
a18948f731 Reorder items in release notes for 26.2 (#38290)
Signed-off-by: stianst <stianst@gmail.com>
2025-03-20 11:52:53 +01:00
Marek Posolda
290905c9cf Documentation for supported token-exchange (#38008)
closes #37126

Signed-off-by: Marek Posolda <mposolda@gmail.com>


Co-authored-by: Bruno Oliveira da Silva <bruno@abstractj.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2025-03-14 09:55:44 +01:00
Steven Hawkins
d9c3511fa5 fix: adding a check if the proxy is trusted prior to using a cert header (#37465)
closes: #35861

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-03-12 11:21:33 +01:00
Stefan Guilhen
86b2a6a95c Fix docs to also mention roles
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>

Closes #28569

Signed-off-by: Jakob Overrein <jakob.overrein@basefarm-orange.com>
2025-03-10 16:13:36 -03:00
Stefan Guilhen
d44ebfd4d1 Document the addition of the Relative User Creation DN
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-03-10 16:13:36 -03:00
Alexander Schwartz
151e019935 Make NetworkPolicy supported and enabled by default
Closes #36036

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
2025-03-10 11:12:38 +01:00
Alexander Schwartz
b1785ce179 Quote a link that shouldn't be rendered as a link
This should not be clickable.

Closes #37765

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-06 16:50:04 -03:00
Alexander Schwartz
bc7ec1208e Enable the TLS based JGroups encryption by default and update the docs
Closes #37696

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-03 10:50:51 -03:00
Martin Bartoš
6f0ed46404 Upgrade to Quarkus 3.19.0.CR1 (#37492)
Closes #37436

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-24 19:52:01 +01:00
Václav Muzikář
764ca50fc4 Upgrade to Quarkus 3.18.2 (#37300)
* Upgrade to Quarkus 3.18.2

Closes #37056

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Update docs/documentation/upgrading/topics/changes/changes-26_2_0.adoc

Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-02-17 16:30:05 +01:00
rmartinc
6850f41060 Force login in reset-credentials to federated users
Closes #37207

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-02-12 13:47:39 -03:00
Martin Bartoš
af3f6281b8 ExternalLinksTest is broken after Keycloak 26.1.0 release
Fixes #36486

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-01-15 13:12:55 +01:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
Selvi
db5a8466ad Remove duplicate "the" in documentation (#36329)
Signed-off-by: Selvi <SelviA@users.noreply.github.com>
2025-01-09 16:12:30 +01:00
Marek Posolda
4ab34f4816 Updating release notes with core-clients contributions and features (#36066)
closes #35953

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2024-12-20 10:15:55 +01:00
Jan Verhaeghe
56246096e0 Align on one realm-name placeholder
Closes #36047

Signed-off-by: Jan Verhaeghe <jan@hwfaq.be>
2024-12-19 13:48:18 +00:00
Steven Hawkins
cb1d28d043 fix: deprecating the default db value in production mode (#35674)
closes: #23805



Fix typo in docs, some improvements



adding a negative assertion



Update docs/documentation/upgrading/topics/changes/changes-26_1_0.adoc

Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-12-13 11:59:55 +01:00
Marek Posolda
0265cb6254 Update upgrading notes with the changes related to core clients (#35860)
closes #35859

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
2024-12-13 10:12:37 +01:00
Alexander Schwartz
7c4a5aed77 Restructuring the migration guide (#35724)
Closes #35487

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-10 12:07:32 +01:00
Alexander Schwartz
13e3439246 Upgrading guide 26.0.6 is missing in the upgrading guide (#35545)
Closes #35544

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-03 11:58:32 +01:00
Stefan Guilhen
9861acc2aa UserSessionProvider.removeUserSessions now removes all user sessions (both regular and offline)
Closes #31359

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-11-29 12:35:15 -03:00
Giuseppe Graziano
a659c8d1cb Sign AUTH_SESSION_ID cookie (#35297)
closes #34027

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2024-11-28 17:28:52 +01:00
Martin Kanis
20770d8aaa Fix upgrading guide about deprecation of getAll() methods in the organization APIs
Closes #34975

Signed-off-by: Martin Kanis <mkanis@redhat.com>
2024-11-25 10:10:02 +01:00
rmartinc
b0b247f1f1 Passivate imported keys if the associate certificate is expired
Closes #34973

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-11-25 09:40:59 +01:00
Cornelius Roemer
29abfd3e89 Fix typos in *.md and *.adoc files using codespell interactive mode
Closes #35256

This PR fixes a bunch of typos in docs files.

I ran codespell on `*.adoc` and `*.md` files in the repo in interactive mode
carefully checking each identified typo and proposed fix for false positives.

The most widely read file with typos identified is likely the changelog/migration guide.

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
2024-11-25 08:21:26 +01:00
Cornelius Roemer
e11db03d76 fix(doc): v24 changelog grammar typo "longer" -> "no longer" ()
Closes #35163

The missing "no" makes this really confusing to read

Signed-off-by: Cornelius Roemer <cornelius.roemer@gmail.com>
2024-11-22 11:56:48 +01:00
Václav Muzikář
d60cb9aaef fix: prevent inclusion of characters that could lead to FileVault path traversal (#35223)
Closes: #35215

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
2024-11-22 10:18:00 +01:00
michielpeeters
cec081961b Update upgrade guide docs 25.0.0 cache options
Closes #34987

Signed-off-by: michielpeeters <michielpeeters@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-15 14:27:57 +01:00
Marek Posolda
92d9ac6621 Update KEYCLOAK_SESSION cookie to not have sessionId in plaintext (#34551)
closes #34026

Signed-off-by: mposolda <mposolda@gmail.com>
2024-11-11 18:47:18 +01:00
Pedro Ruivo
d7e5319f70 Document network ports for Keycloak clustering
Also switch the default to jdbc-ping as this  should be a drop-in replacement looking at the networking behavior of udp.

Closes #34658

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-11 13:28:15 +01:00
Pedro Igor
0a05ba49d1 Adding a details map to admin events to store additional contextual data when the event is fired
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-11-07 17:19:43 -03:00
Pedro Ruivo
33cae33ae4 Remove JGroups thread pool docs from HA Guide
Clustering is disabled with multi-site deployment and there is no
JGroups thread pool to configure.

Closes #34715

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-07 09:00:48 +00:00
Ricardo Martin
226daa41c7 Add service account mappers via client scope instead of dedicated scope (#34664)
Closes #10417

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Ricardo Martin <rmartinc@redhat.com>
2024-11-07 08:45:11 +01:00
Ricardo Martin
ce454bda47 Remove online session when offline access is requested as the first request (#34346)
Closes #34001

Signed-off-by: rmartinc <rmartinc@redhat.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>

---------

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2024-11-06 08:33:12 +01:00
Ryan Emerson
a79b67cac8 Deprecate other transport stacks (ec2, azure, google)
Closes #34253

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-31 11:47:13 +01:00
Andy
f994cc54d5 Remove robots.txt entirely
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.

Closes #17433

Signed-off-by: Andy <andy@slice.is>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-25 12:09:50 +00:00
Ryan Emerson
902abfdae4 JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Pedro Ruivo
fffa9aa72e Enable virtual threads in Infinispan and JGroups by default
Closes #33939

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-21 16:02:28 +00:00
Jon Koops
7657e71be1 Automatically retrieve configuration for authorization
Closes #14562

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-18 14:03:36 +02:00
Pedro Ruivo
464fc90519 Fail to start if work cache is not replicated
Keycloak will now fail to start if the work cache is replicated.
Listeners require the data to be local.

Closes #33702

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-09 19:40:24 +00:00
Pedro Ruivo
0e3554934e Read cache-ispn.xml from conf/ by default
Fixed #31492

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-09 16:40:17 +00:00
Alexander Schwartz
d8c8c6a0be Fixing broken links after KC26 docs changes (#33577)
Closes #33576

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-04 13:59:47 +02:00