Commit Graph

1341 Commits

Author SHA1 Message Date
Takashi Norimatsu
d740c0f3db FAPI 2.0 Security Profile Final - Add FAPI 2.0 Final security profile as default profile of client policies
closes #41120

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2025-09-08 17:23:53 +02:00
Pedro Igor
40476b53d9 fixup! align /users/count with /users behavior around service-accounts 2025-09-08 11:30:45 -03:00
Ryan Emerson
05e731f098 Fix broken HA guide links
Closes #42426

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-09-08 14:20:08 +02:00
Eugen Stan
c0537cbbe8 Specify link to where containers are published in start-keycloak-container.adoc
Closes #42392

Signed-off-by: Eugen Stan <eugen@ieugen.ro>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-05 15:21:33 +00:00
Ryan Emerson
17684f8011 Remove usage of the term stretched from single-cluster HA guides
Closes #42358

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-09-05 15:49:19 +02:00
Alexander Schwartz
ad12b418b4 Review
Closes #42369

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-05 10:28:32 -03:00
Alexander Schwartz
78dce37197 Update documentation after changes to RFC8414 handling
Closes #42323

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-05 10:28:32 -03:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
2025-09-03 15:10:56 -03:00
Ryan Emerson
4fec0a8630 Document that single-cluster deployments expect all Keycloak instances to serve traffic
Closes #42305

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-09-03 18:30:13 +02:00
Alexander Schwartz
665f4140da Adding missing docs for 26.4 release notes
Closes #42252

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Vinod Anandan <vinod@owasp.org>
2025-09-02 17:47:12 -03:00
vramik
4aa604ad04 Updated the screenshot to correctly show "Apply to Resource Type" enabled,
which is required for typed resource permissions.

Closes #42159

Signed-off-by: vramik <vramik@redhat.com>
2025-09-02 12:27:36 -03:00
Pedro Ruivo
935caa97ea Disable peristent user session batching
Closes #41662

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-09-01 14:33:21 +00:00
Tobias Genannt
ca93863d60 fix: Update to new dash standard
Closes #42270

Signed-off-by: Tobias Genannt <tobias.genannt@gmail.com>
2025-09-01 12:49:02 +00:00
Pedro Ruivo
f4ec4cff1a Configure topology information in Infinispan
Closes #41933

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-09-01 14:40:39 +02:00
am97
0c91d106a2 Add build documentation for REST API and Javadoc
Closes #42176

Signed-off-by: Andrés Maldonado <maldonado@codelutin.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-09-01 11:37:26 +00:00
Alexander Schwartz
1eba022149 Document network latency requirements for high available setups
Closes #42186

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-28 23:46:20 +02:00
Steven Hawkins
e891336167 fix: expands our warnings/notes around placeholder usage (#42151)
addresses CVE-2025-9162

closes: #42046

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-08-28 17:06:55 +02:00
Steven Hawkins
183a96d6a1 enhance: adding the ability to set truststores via configmaps (#41796)
closes: #34114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-08-28 16:55:52 +02:00
Steven Hawkins
565e195f48 enhance: allow for control over what port health checks are exposed on (#41759)
closes: #39506

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-08-28 10:18:22 +02:00
Alexis Rico
224ccbb79d Make organization domains optional
Closes #31285

Signed-off-by: Alexis Rico <sferadev@gmail.com>
2025-08-27 18:11:15 -03:00
Niko Köbler
236d2f9f62 Add configuration option to automatically add recovery codes action after otp configuration
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-27 17:56:59 +02:00
laureat-natzka
edbe28147e Pass IDP config values to themes (#40373)
Signed-off-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
Co-authored-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
2025-08-25 17:50:06 +00:00
Sebastian Łaskawiec
4c0f071d45 Upgrade Prep doc polishing
Closes #41898

Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
2025-08-21 13:19:59 +02:00
Martin Bartoš
6149d66405 Update screenshot for traces in Jaeger (#42036)
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2025-08-21 13:17:20 +02:00
Pedro Ruivo
2f131fa56c Detect and handle KC split brain clusters
Closes #41561

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-21 11:18:34 +02:00
Ricardo Martin
46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-08-21 08:16:47 +00:00
Ryan Emerson
481555c97e Define default topologySpreadConstraints
Closes #41729

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-08-20 13:58:37 +02:00
Ryan Emerson
cd42a503d2 Update observability metrics guides to reference single and multi-cluster architectures
Closes #41938

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-08-20 13:31:52 +02:00
Steven Hawkins
b6f039a4cc fix: adding a default for ldap connection timeout (#41726)
closes: #39299

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
2025-08-19 16:43:42 +00:00
Ryan Emerson
b0f4b4efee Log applied cache configurations as part of debug logs
Closes #41950

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-08-19 17:01:19 +02:00
Sebastian Łaskawiec
988bf9cb0b WelcomeResource do not create temporary admins (#41416)
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@defenseunicorns.com>
2025-08-18 17:31:26 +02:00
Steven Hawkins
85324fddeb fix: add a warning about provider jars (#41855)
* fix: add a warning about provider jars

closes: #41820

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Update docs/guides/server/configuration-provider.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
2025-08-18 08:54:53 +02:00
Ryan Emerson
168d9cc090 Simplify Cache Configuration file by removing built-in cache configurations
Closes #41559

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 16:16:56 +00:00
Ricardo Martin
949ef35a3b Allow and control sending UTF-8 emails in the default email sender impl
Closes #41023

Signed-off-by: rmartinc <rmartinc@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 10:43:38 +00:00
Moshie Samuel
6958f57f0a add configurable cooldown for email resend in VerifyEmail
Closes #41331

Signed-off-by: Moshie Samuel <moshie.samuel@gmail.com>
Signed-off-by: moshiem <moshiem@hardcorebiometric.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: moshiem <moshiem@hardcorebiometric.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 07:31:00 +02:00
Alexander Schwartz
7629b7dc53 Show required fields when configuring protocol mappers
Closes #40619

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-15 07:28:45 +02:00
Steven Hawkins
c1afa376b2 fix: adding raw environment variables (#41768)
closes: #41766

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-08-14 20:17:15 +02:00
RAMLAH MUNIR
e5c38f8a63 Fix typo in caching docs: 'Proving' → 'Providing'
Closes #41663

Signed-off-by: Ramlah7 <ramlahmunir786@gmail.com>
2025-08-14 16:16:18 +00:00
Pedro Igor
3bf46e5421 "linked-accounts" endpoint displays all Identity providers
Closes #19732

Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
Co-authored-by: Réda Housni Alaoui <reda-alaoui@hey.com>
2025-08-14 15:21:03 +02:00
Dmytro Filipenko
bd5818c4c8 Add HTML5 attributes to prevent password manager interference with OTP
* Closes #41831

Signed-off-by: dmfilipenko <wind.fd@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-14 07:45:53 +00:00
Dennis Kniep
d74a10d87a Add TiDB as supported db
Closes #41455

Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-14 07:27:21 +00:00
dependabot[bot]
1a262cc899 Bump commons-io:commons-io from 2.7 to 2.14.0 in /docs/documentation/tests (#41463)
Bumps commons-io:commons-io from 2.7 to 2.14.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-version: 2.14.0
  dependency-type: direct:development
...

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2025-08-14 06:08:39 +00:00
Ricardo Martin
ef312b570c Final changes for passkeys documentation (#41646)
Closes #41557

Signed-off-by: rmartinc <rmartinc@redhat.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2025-08-13 09:01:15 +02:00
Peter Skopek
651d651c30 Add missing artifact descriptions to allow Maven Central Portal Publisher pass validation process. (#40822)
Signed-off-by: Peter Skopek <pskopek@redhat.com>
2025-08-12 16:50:17 +02:00
Alexander Schwartz
c2515bbb88 Fixing typo and formatting
Closes #41620

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2025-08-11 08:26:10 +02:00
Robin Meese
134b00abb1 Add Russian and traditional Chinese to translation.md
Closes: #41742

Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
2025-08-08 17:46:34 +02:00
Ryan Emerson
a2fe32617c Default to stretched clusters on Kubernetes when possible
Closes #41666

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-08-08 08:09:04 +02:00
Ryan Emerson
907ee2e4e2 High-availability guide restructuring
* Refactor high-availability guide to include both single and multi cluster architectures

Closes #30095
Closes #41585

Signed-off-by: Ryan Emerson <remerson@ibm.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
2025-08-06 18:38:37 +00:00
Pedro Igor
84fc9bb3e5 Allow forwarding parameters set as a client note in the authentication session
Closes #41670

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-08-06 14:57:47 -03:00
huyenvu2101
5436f9781c Allow setting default value for userprofile attribute
Closes #36160

Signed-off-by: huyenvu2101 <vhuyen2101@gmail.com>
2025-08-06 13:59:54 -03:00