Commit Graph

190 Commits

Author SHA1 Message Date
sophie [⛧-440729]
d1ff1b186e add option to the nginx x509 client cert lookup provider to not url-decode the passed client cert
Closes #17171 

Signed-off-by: ⛧-440729 [sophie] <sophie@999eagle.moe>
2025-04-11 10:38:38 +02:00
Alexander Schwartz
73ee966feb Sorting the chapters of the HA guide
Closes #38721

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-08 07:23:53 -03:00
Alexander Schwartz
38b543af19 Review comments to align with style guide
Closes #38338

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-04-05 14:04:21 -03:00
Akbar Husain
6d2de61b8e Fix some ascii doc warnings
Closes #38479

Signed-off-by: akbarhusainpatel <apatel@intermiles.com>
Co-authored-by: akbarhusainpatel <apatel@intermiles.com>
2025-03-27 19:42:18 +01:00
Peter Zaoral
1d6ef3c7a7 [Windows] Improve docs on handling quotes in PowerShell (#37468)
Closes: #36697

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2025-03-27 17:00:15 +01:00
Alexander Schwartz
c9b88c6bf6 Finalizing release notes and documentation for initial rolling update
Closes #38168

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-19 21:34:09 +01:00
Alexander Schwartz
d4054032a6 Fix broken link to configuration for production
Closes #38152

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-17 09:31:50 -03:00
Steven Hawkins
d9c3511fa5 fix: adding a check if the proxy is trusted prior to using a cert header (#37465)
closes: #35861

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-03-12 11:21:33 +01:00
Alexander Schwartz
bc7ec1208e Enable the TLS based JGroups encryption by default and update the docs
Closes #37696

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-03-03 10:50:51 -03:00
Pedro Ruivo
f7e21af82e JGroups certificate rotation
Closes #37316

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-27 12:56:18 +01:00
Martin Bartoš
6f0ed46404 Upgrade to Quarkus 3.19.0.CR1 (#37492)
Closes #37436

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-24 19:52:01 +01:00
Steven Hawkins
a819a213f9 fix: hardening to prevent usage of proxy-protocol with proxy-headers (#37463)
* fix: hardening to prevent usage of proxy-protocol with proxy-headers

closes: #37458

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/server/reverseproxy.adoc

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2025-02-24 14:48:06 +01:00
Martin Bartoš
324757316b Improve docs about JPA provider configuration for DB migration strategy (#37080)
Closes #37079

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-14 17:54:26 +01:00
Pedro Ruivo
70e2a28ff9 Create CA certificate for JGroups encryption
Closes #36750

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-02-13 10:32:43 +00:00
Pedro Ruivo
0f91e67b90 Feature flag: rolling-updates
Closes #36840

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2025-02-06 17:03:50 +01:00
Alexander Schwartz
757f46a75a Document external port and address feature for JGroups (#36913)
Closes #36858

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-02-04 22:20:49 +01:00
Martin Bartoš
20203746fb Support ECS for logs
Closes #36854

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-04 17:59:30 +01:00
Martin Bartoš
33782602ca Improve readability of relevant options in guides (#37015)
Closes #37014

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-02-04 14:07:50 +01:00
Steven Hawkins
827e82ad25 fix: adding a check and documenting import naming conventions (#36340)
closes: #36284 #34793

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-01-28 18:44:47 +01:00
Pedro Ruivo
588e60e058 New CLI command: update-compatibility
Closes #36306

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-01-24 15:05:58 +00:00
James Nord
3356b9bfea fix incorrect statement about BC FIPS licences (#36680)
closes #36679

Signed-off-by: James Nord <jtnord@users.noreply.github.com>
2025-01-23 10:32:54 +01:00
rmartinc
6cf92d9dc7 Add crl cache to certificate validation
Closes #26473

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-01-22 14:58:35 +01:00
Alexander Schwartz
caf546bdb2 Update the documentation on how to run Keycloak IPv6 only (#36393)
Closes #36456

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
2025-01-16 10:41:22 +01:00
Stian Thorgersen
c1c147cb17 Restrict access to environment variables when at the server runtime (#36472)
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-01-15 09:36:19 +01:00
Alexander Schwartz
4a924f6c94 Tune the caching guide for the upcoming release
Closes #36039

Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-12-19 16:43:02 +01:00
Jan Verhaeghe
56246096e0 Align on one realm-name placeholder
Closes #36047

Signed-off-by: Jan Verhaeghe <jan@hwfaq.be>
2024-12-19 13:48:18 +00:00
Steven Hawkins
2bb98d9684 fix: updating the partially dynamic url to not include path (#35831)
closes: #35706

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-12-13 12:01:13 +01:00
Václav Muzikář
9993e17346 Ability to specify log category levels through separate options (#35138)
Closes #34957

Co-authored-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-12-11 17:27:44 +01:00
Steven Hawkins
27eaaefc4f fix: removing doc that suggests using the config file for quarkus props (#35820)
closes: #35770

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-12-11 16:35:38 +01:00
Eric Bariaux
782135684c Fixed grammar in directory-structure.adoc
Closes #35766

Signed-off-by: Eric Bariaux <375613+ebariaux@users.noreply.github.com>
2024-12-10 18:32:29 +00:00
Thomas Aunvik
05884e882f Changed 'http-enabled' to correct code quotes
Closes #35611

Signed-off-by: Thomas Aunvik <contact@thaun.dev>
2024-12-04 17:34:21 +00:00
Steven Hawkins
37dc2b6ca3 correcting handling of \ in configuration values on windows (#34462)
closes: #34041

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
2024-12-04 17:15:05 +01:00
Alexander Schwartz
12436fd922 Fix unordered list in caching guide
Closes #35006

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-25 13:47:42 +01:00
Michal Hajas
cb914b2a3d Fix observability links
Closes #35240
Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-11-22 17:41:35 +01:00
Václav Muzikář
d60cb9aaef fix: prevent inclusion of characters that could lead to FileVault path traversal (#35223)
Closes: #35215

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Peter Zaoral <pepo48@gmail.com>
2024-11-22 10:18:00 +01:00
Václav Muzikář
cf622e8d51 Update docs with security warning around client certificate lookup (#35222)
Closes #35217

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-11-22 10:12:21 +01:00
Michal Hajas
7049e08c7b Create a new guide category Observability and move some guides from server to it (#35144)
Closes: #35127

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-11-21 13:57:59 +01:00
Jean-Christophe Manciot
9d10b81be2 db.adoc: Refined the 'Configuring a database' paragraph (#32483)
* db.adoc: Refined the 'Configuring a database' paragraph

closes: #32348

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Apply suggestions from code review

Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

* Update docs/guides/server/db.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2024-11-14 17:13:05 +00:00
andymunro
3ca3a4ad34 Update installation locations
Closes #34855

Signed-off-by: AndyMunro <amunro@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-12 14:10:32 +00:00
Pedro Ruivo
d7e5319f70 Document network ports for Keycloak clustering
Also switch the default to jdbc-ping as this  should be a drop-in replacement looking at the networking behavior of udp.

Closes #34658

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-11-11 13:28:15 +01:00
Stian Thorgersen
b82ec62eb7 Add database testsuite matrix to new testsuite (#34775)
Closes #34692

Signed-off-by: stianst <stianst@gmail.com>
2024-11-11 07:04:30 +01:00
Bernd Bohmann
7681687e0a Provide missing user event metrics from aerogear/keycloak-metrics-spi to a keycloak micrometer event listener
inspired by
https://github.com/aerogear/keycloak-metrics-spi
https://github.com/please-openit/keycloak-native-metrics

Closes #33043

Signed-off-by: Bernd Bohmann <bommel@apache.org>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-11-04 08:56:24 +01:00
Max Hovens
4e540fa2a7 Remove inaccurate statement about master realm imports
This is supported since 26.0.0

Closes #34301

Signed-off-by: maxhov <14804474+maxhov@users.noreply.github.com>
2024-10-31 11:23:35 +00:00
Ryan Emerson
a79b67cac8 Deprecate other transport stacks (ec2, azure, google)
Closes #34253

Signed-off-by: Ryan Emerson <remerson@redhat.com>
2024-10-31 11:47:13 +01:00
Ryan Emerson
7152a8b0f3 Update caching docs to reflect that IP multicast is no longer used by default
Closes #34495

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-30 11:47:32 +00:00
Andy
f994cc54d5 Remove robots.txt entirely
* remove robots.txt entirely, as blocking page-
crawling prevents the `X-Robots-Tag` headers
(and similar meta tags) from working as intended.

Closes #17433

Signed-off-by: Andy <andy@slice.is>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-25 12:09:50 +00:00
Ryan Emerson
6eb870fcfc Add JDBC_PING2 stacks for both TCP and UDP
Closes #34265

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-25 00:17:44 +02:00
Ryan Emerson
902abfdae4 JDBC_PING as default discovery protocol
Closes #29399

- Add ProviderFactory#dependsOn to allow dependencies between
  ProviderFactories to be explicitly defined
- Disable Infinispan default shutdownhook disabled to ensure lifecycle
  is managed exclusively by Keycloak
- Remove Infinispan shutdown hook in KeycloakRecorder and manage
  EmbeddedCacheManager lifecycle only in DefaultInfinispanConnectionProviderFactory#close

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-10-22 20:19:19 +00:00
Steven Hawkins
af1a5ea2a8 fix: refining https file type detection (#33703)
also making common trustore logic align

closes: #33649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-22 13:05:56 -04:00
Steven Hawkins
fd89297c15 fix: adding a server guide on installation location / layout (#33604)
closes: #32110

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-21 18:02:37 +02:00