sophie [⛧-440729]
d1ff1b186e
add option to the nginx x509 client cert lookup provider to not url-decode the passed client cert
...
Closes #17171
Signed-off-by: ⛧-440729 [sophie] <sophie@999eagle.moe >
2025-04-11 10:38:38 +02:00
Alexander Schwartz
73ee966feb
Sorting the chapters of the HA guide
...
Closes #38721
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-04-08 07:23:53 -03:00
Alexander Schwartz
38b543af19
Review comments to align with style guide
...
Closes #38338
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-04-05 14:04:21 -03:00
Akbar Husain
6d2de61b8e
Fix some ascii doc warnings
...
Closes #38479
Signed-off-by: akbarhusainpatel <apatel@intermiles.com >
Co-authored-by: akbarhusainpatel <apatel@intermiles.com >
2025-03-27 19:42:18 +01:00
Peter Zaoral
1d6ef3c7a7
[Windows] Improve docs on handling quotes in PowerShell ( #37468 )
...
Closes : #36697
Signed-off-by: Peter Zaoral <pzaoral@redhat.com >
2025-03-27 17:00:15 +01:00
Alexander Schwartz
c9b88c6bf6
Finalizing release notes and documentation for initial rolling update
...
Closes #38168
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-03-19 21:34:09 +01:00
Alexander Schwartz
d4054032a6
Fix broken link to configuration for production
...
Closes #38152
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-03-17 09:31:50 -03:00
Steven Hawkins
d9c3511fa5
fix: adding a check if the proxy is trusted prior to using a cert header ( #37465 )
...
closes : #35861
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
2025-03-12 11:21:33 +01:00
Alexander Schwartz
bc7ec1208e
Enable the TLS based JGroups encryption by default and update the docs
...
Closes #37696
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-03-03 10:50:51 -03:00
Pedro Ruivo
f7e21af82e
JGroups certificate rotation
...
Closes #37316
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2025-02-27 12:56:18 +01:00
Martin Bartoš
6f0ed46404
Upgrade to Quarkus 3.19.0.CR1 ( #37492 )
...
Closes #37436
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-02-24 19:52:01 +01:00
Steven Hawkins
a819a213f9
fix: hardening to prevent usage of proxy-protocol with proxy-headers ( #37463 )
...
* fix: hardening to prevent usage of proxy-protocol with proxy-headers
closes : #37458
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
* Update docs/guides/server/reverseproxy.adoc
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
2025-02-24 14:48:06 +01:00
Martin Bartoš
324757316b
Improve docs about JPA provider configuration for DB migration strategy ( #37080 )
...
Closes #37079
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-02-14 17:54:26 +01:00
Pedro Ruivo
70e2a28ff9
Create CA certificate for JGroups encryption
...
Closes #36750
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com >
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net >
2025-02-13 10:32:43 +00:00
Pedro Ruivo
0f91e67b90
Feature flag: rolling-updates
...
Closes #36840
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
2025-02-06 17:03:50 +01:00
Alexander Schwartz
757f46a75a
Document external port and address feature for JGroups ( #36913 )
...
Closes #36858
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2025-02-04 22:20:49 +01:00
Martin Bartoš
20203746fb
Support ECS for logs
...
Closes #36854
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-02-04 17:59:30 +01:00
Martin Bartoš
33782602ca
Improve readability of relevant options in guides ( #37015 )
...
Closes #37014
Signed-off-by: Martin Bartoš <mabartos@redhat.com >
2025-02-04 14:07:50 +01:00
Steven Hawkins
827e82ad25
fix: adding a check and documenting import naming conventions ( #36340 )
...
closes : #36284 #34793
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2025-01-28 18:44:47 +01:00
Pedro Ruivo
588e60e058
New CLI command: update-compatibility
...
Closes #36306
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2025-01-24 15:05:58 +00:00
James Nord
3356b9bfea
fix incorrect statement about BC FIPS licences ( #36680 )
...
closes #36679
Signed-off-by: James Nord <jtnord@users.noreply.github.com >
2025-01-23 10:32:54 +01:00
rmartinc
6cf92d9dc7
Add crl cache to certificate validation
...
Closes #26473
Signed-off-by: rmartinc <rmartinc@redhat.com >
2025-01-22 14:58:35 +01:00
Alexander Schwartz
caf546bdb2
Update the documentation on how to run Keycloak IPv6 only ( #36393 )
...
Closes #36456
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net >
Signed-off-by: Michal Hajas <mhajas@redhat.com >
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com >
2025-01-16 10:41:22 +01:00
Stian Thorgersen
c1c147cb17
Restrict access to environment variables when at the server runtime ( #36472 )
...
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com >
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com >
2025-01-15 09:36:19 +01:00
Alexander Schwartz
4a924f6c94
Tune the caching guide for the upcoming release
...
Closes #36039
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2024-12-19 16:43:02 +01:00
Jan Verhaeghe
56246096e0
Align on one realm-name placeholder
...
Closes #36047
Signed-off-by: Jan Verhaeghe <jan@hwfaq.be >
2024-12-19 13:48:18 +00:00
Steven Hawkins
2bb98d9684
fix: updating the partially dynamic url to not include path ( #35831 )
...
closes : #35706
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-12-13 12:01:13 +01:00
Václav Muzikář
9993e17346
Ability to specify log category levels through separate options ( #35138 )
...
Closes #34957
Co-authored-by: Steve Hawkins <shawkins@redhat.com >
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
2024-12-11 17:27:44 +01:00
Steven Hawkins
27eaaefc4f
fix: removing doc that suggests using the config file for quarkus props ( #35820 )
...
closes : #35770
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-12-11 16:35:38 +01:00
Eric Bariaux
782135684c
Fixed grammar in directory-structure.adoc
...
Closes #35766
Signed-off-by: Eric Bariaux <375613+ebariaux@users.noreply.github.com >
2024-12-10 18:32:29 +00:00
Thomas Aunvik
05884e882f
Changed 'http-enabled' to correct code quotes
...
Closes #35611
Signed-off-by: Thomas Aunvik <contact@thaun.dev >
2024-12-04 17:34:21 +00:00
Steven Hawkins
37dc2b6ca3
correcting handling of \ in configuration values on windows ( #34462 )
...
closes : #34041
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
Co-authored-by: Peter Zaoral <pzaoral@redhat.com >
2024-12-04 17:15:05 +01:00
Alexander Schwartz
12436fd922
Fix unordered list in caching guide
...
Closes #35006
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
2024-11-25 13:47:42 +01:00
Michal Hajas
cb914b2a3d
Fix observability links
...
Closes #35240
Signed-off-by: Michal Hajas <mhajas@redhat.com >
2024-11-22 17:41:35 +01:00
Václav Muzikář
d60cb9aaef
fix: prevent inclusion of characters that could lead to FileVault path traversal ( #35223 )
...
Closes : #35215
Signed-off-by: Peter Zaoral <pzaoral@redhat.com >
Co-authored-by: Peter Zaoral <pepo48@gmail.com >
2024-11-22 10:18:00 +01:00
Václav Muzikář
cf622e8d51
Update docs with security warning around client certificate lookup ( #35222 )
...
Closes #35217
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com >
2024-11-22 10:12:21 +01:00
Michal Hajas
7049e08c7b
Create a new guide category Observability and move some guides from server to it ( #35144 )
...
Closes : #35127
Signed-off-by: Michal Hajas <mhajas@redhat.com >
2024-11-21 13:57:59 +01:00
Jean-Christophe Manciot
9d10b81be2
db.adoc: Refined the 'Configuring a database' paragraph ( #32483 )
...
* db.adoc: Refined the 'Configuring a database' paragraph
closes : #32348
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
* Apply suggestions from code review
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
* Update docs/guides/server/db.adoc
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
---------
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
Signed-off-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Steven Hawkins <shawkins@redhat.com >
Co-authored-by: Martin Bartoš <mabartos@redhat.com >
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz >
2024-11-14 17:13:05 +00:00
andymunro
3ca3a4ad34
Update installation locations
...
Closes #34855
Signed-off-by: AndyMunro <amunro@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-11-12 14:10:32 +00:00
Pedro Ruivo
d7e5319f70
Document network ports for Keycloak clustering
...
Also switch the default to jdbc-ping as this should be a drop-in replacement looking at the networking behavior of udp.
Closes #34658
Signed-off-by: Pedro Ruivo <pruivo@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-11-11 13:28:15 +01:00
Stian Thorgersen
b82ec62eb7
Add database testsuite matrix to new testsuite ( #34775 )
...
Closes #34692
Signed-off-by: stianst <stianst@gmail.com >
2024-11-11 07:04:30 +01:00
Bernd Bohmann
7681687e0a
Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener
...
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics
Closes #33043
Signed-off-by: Bernd Bohmann <bommel@apache.org >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Signed-off-by: Michal Hajas <mhajas@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Michal Hajas <mhajas@redhat.com >
2024-11-04 08:56:24 +01:00
Max Hovens
4e540fa2a7
Remove inaccurate statement about master realm imports
...
This is supported since 26.0.0
Closes #34301
Signed-off-by: maxhov <14804474+maxhov@users.noreply.github.com >
2024-10-31 11:23:35 +00:00
Ryan Emerson
a79b67cac8
Deprecate other transport stacks (ec2, azure, google)
...
Closes #34253
Signed-off-by: Ryan Emerson <remerson@redhat.com >
2024-10-31 11:47:13 +01:00
Ryan Emerson
7152a8b0f3
Update caching docs to reflect that IP multicast is no longer used by default
...
Closes #34495
Signed-off-by: Ryan Emerson <remerson@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-30 11:47:32 +00:00
Andy
f994cc54d5
Remove robots.txt entirely
...
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.
Closes #17433
Signed-off-by: Andy <andy@slice.is >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-25 12:09:50 +00:00
Ryan Emerson
6eb870fcfc
Add JDBC_PING2 stacks for both TCP and UDP
...
Closes #34265
Signed-off-by: Ryan Emerson <remerson@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-25 00:17:44 +02:00
Ryan Emerson
902abfdae4
JDBC_PING as default discovery protocol
...
Closes #29399
- Add ProviderFactory#dependsOn to allow dependencies between
ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close
Signed-off-by: Ryan Emerson <remerson@redhat.com >
Signed-off-by: Alexander Schwartz <aschwart@redhat.com >
Co-authored-by: Alexander Schwartz <aschwart@redhat.com >
2024-10-22 20:19:19 +00:00
Steven Hawkins
af1a5ea2a8
fix: refining https file type detection ( #33703 )
...
also making common trustore logic align
closes : #33649
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-10-22 13:05:56 -04:00
Steven Hawkins
fd89297c15
fix: adding a server guide on installation location / layout ( #33604 )
...
closes : #32110
Signed-off-by: Steve Hawkins <shawkins@redhat.com >
2024-10-21 18:02:37 +02:00