4

Keycloak 20.0.0 released

 1 year ago
source link: https://www.keycloak.org/2022/11/keycloak-2000-released
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Keycloak 20.0.0 released

November 01 2022

To download the release go to Keycloak downloads.

Release notes

WildFly distribution removed

In Keycloak 17.0.0 the new Quarkus based distribution of Keycloak, while the WildFly based distribution was deprecated. With this release the WildFly distribution has been removed, and is no longer supported.

If you are still using the WildFly distribution we highly encourage migrating to the Quarkus distribution as soon as possible, see the Migration Guide for more details.

New Keycloak Operator upgrade

We are happy to announce that the new Keycloak Operator for the Quarkus based distribution is no longer a preview feature. We added new functionality as well as a number of improvements, some which has resulted in breaking changes.

Realm Operator

As the new Operator currently lacks some of the CRs (e.g. Client and User), we’re introducing a temporary workaround in the form of a Realm Operator. Please see its GitHub Repository for more details. See also "The future of Keycloak Operator CRs" blogpost.

Supported OpenJDK versions

Keycloak now supports OpenJDK 17 both for the server and adapters.

With the removal of the WildFly based distribution there is no longer support for running the Keycloak server on OpenJDK 8. We also plan to remove support for Keycloak adapters on OpenJDK 8 in Keycloak 21.

Starting with Keycloak 22 we plan to only support the latest OpenJDK LTS release and aiming to quickly also support the latest OpenJDK release. That means we will be also removing OpenJDK 11 support for the Keycloak server in Keycloak 22.

Hostname provider now supports configuring the complete base URL

In this release, we are introducing two additional server options to set the base URL for frontend request and the Admin Console:

  • hostname-url

  • hostname-admin-url

More details can be found at the Configuring the Hostname Guide.

Improvements to kc.bat when running Keycloak on Windows

In this release, we are making important changes to kc.bat to give the same experience as when running on Linux.

Upgrade of embedded H2 database

Keycloak ships for development purposes with an H2 database driver. As it is intended for development purposes only, it should never be used in a production environment.

In this release, the H2 driver has been upgraded from version 1.x to version 2.x.

Feature guard for hosting the Keycloak JavaScript adapter

Applications are able to load keycloak.js directly from the Keycloak server. As it’s not considered a best-practice to load JavaScript libraries this way there is now a feature guard that allows disabling this ability.

In Keycloak 21 we will deprecate this option, and in Keycloak 22 we plan to completely remove the ability to load keycloak.js from the Keycloak server.

OTP Application SPI

In previous releases the list of OTP applications displayed to users was hard-coded in Keycloak. With the introduction of the OTP Application SPI it is now possible to disable built-in OTP applications, as well as adding custom OTP Applications.

Custom Identity Providers can now set an icon for the provider

A custom identity provider can now set the icon used on the login pages. Thanks to Klaus Betz, who happens also to maintain an extension to Keycloak to support log in with AppleID.

FIPS 140-2 experimental support

There is now experimental support for deploying Keycloak into a FIPS 140-2 enabled environment. There will be a blog post with the details shortly after the release with the details how you can try it. Feedback is welcome!

Thanks to David Anderson, who contributed parts of this feature. Also, thanks to Sudeep Das and Isaac Jensen for their initial prototype effort, which was used as an inspiration.

Search groups by attribute

It is now possible to search groups by attribute through the Admin REST API. Thanks to Alice for this contribution.

View group membership in the account console

It is now possible to allow users to view their group memberships in the account console. Thanks to cgeorgilakis for this contribution.

Deprecated methods from data providers and models were removed

Several deprecated methods were removed from data providers and models. If not done already, their usage needs to be replaced with the corresponding replacement documented in Javadoc of Keycloak 19 release. See Upgrading Guide for more details.

Migration from 19.0

Before you upgrade remember to backup your database. If you are not on the previous release refer to the documentation for a complete list of migration changes.

RESTEasy Version Update

Updated the RESTEasy version of Keycloak Admin REST Client to the next major version.

H2 Version Update

Keycloak ships for development purposes with an H2 database driver. As it is intended for development purposes only, it should never be used in a production environment.

In this release, the H2 driver has been upgraded from version 1.x to version 2.x. This change might require changes to the H2 JDBC URL or migration of the H2 database files in an existing Keycloak setup.

Changes to the H2 JDBC URL

For Keycloak to run with its JPA legacy store with H2 version 2.x, the JDBC URL requires the attribute NON_KEYWORDS=VALUE.

In a setup where H2 is initialized by Keycloak without extra parameters, Keycloak will append the attribute automatically. This is the default for development setups.

If an H2 JDBC URL is provided on the command line or in a configuration file, and it already contains the NON_KEYWORDS= attribute in the JDBC URL, this attribute needs to be amended with the VALUE keyword.

If the connection factory for the H2 database is initialized outside Keycloak, that initialization needs to take care of adding the NON_KEYWORDS attribute.

See the H2 documentation on the NON_KEYWORDS attribute for details.

Upgrade of H2 database files

H2 database base files created with H2 version 1.x should not be used with version 2.x.

Purge existing H2 database files to start with an empty database, export and import the realms using Keycloak’s export and import functionality, or refer to the migration notes on the H2 database project’s website for details on how to migrate H2 database contents.

Breaking changes in the new version of Keycloak Operator

In order to use the newest version of the Keycloak Operator, the manual reinstallation and upgrade of your CRs are required. There’s no automated migration.

This release contains the following breaking changes in Keycloak CRs:

serverConfiguration free-form field was renamed

From now on it’s called additionalOptions. The idea behind this decision is to align it more with the Keycloak Quarkus distribution and achieve/preserve a naming consistency. serverConfiguration can be still used for configuring options that haven’t got a declared alternative in Keycloak custom resources (CRs). A good example of such use can be service providers.

Ingress options were refined

In the past, it used to be defined via the disableDefaultIngress property. We decided to clarify it a bit, thus from now on you can use the following structure to control your ingress settings:

HTTP options were added

Similarly, like with ingress, you can define multiple HTTP options in a better structural manner:

Hostname options were added

Last but not least, the hostname options were also changed:

Some fields are no longer required

The hostname and tlsSecret fields are now optional to align with the Quarkus distribution configuration. With that we also removed the possibility to set INSECURE-DISABLE special value to those fields. In order to disable hostname checks and enable HTTP, please follow the same approach as with the Quarkus distribution, i.e. set strict: false, strictBackchannel: false and httpEnabled: true fields.

OLM channel was changed to fast

The default channel of Keycloak Operator Lifecycle Manager was changed to fast.

Deprecated methods from data providers and models were removed

Prior to Keycloak 15, there was a clean-up of provider and model interfaces where we deprecated some methods. Javadoc of these methods contained a corresponding replacement method (see Javadoc of Keycloak 19 release). In this release the methods were removed. The following is a list of all changed classes.

The most common patterns for deprecating and removing the methods are the following.

  • Streamification - interfaces now contain only Stream-based methods.

    For example in GroupProvider interface

    was replaced by

    More details on streamification work can be found in KEYCLOAK-14011.

  • Consistent parameter ordering - methods now have strict parameter ordering where RealmModel is always the first parameter.

    For example in UserLookupProvider interface

    was replaced by

List of changed interfaces

(o.k. stands for org.keycloak. package)

  • server-spi module

    • o.k.credential.CredentialInputUpdater

    • o.k.credential.UserCredentialStore

    • o.k.models.ClientProvider

    • o.k.models.ClientSessionContext

    • o.k.models.GroupModel

    • o.k.models.GroupProvider

    • o.k.models.KeyManager

    • o.k.models.KeycloakSessionFactory

    • o.k.models.ProtocolMapperContainerModel

    • o.k.models.RealmModel

    • o.k.models.RealmProvider

    • o.k.models.RoleContainerModel

    • o.k.models.RoleMapperModel

    • o.k.models.RoleModel

    • o.k.models.RoleProvider

    • o.k.models.ScopeContainerModel

    • o.k.models.UserCredentialManager

    • o.k.models.UserModel

    • o.k.models.UserProvider

    • o.k.models.UserSessionProvider

    • o.k.models.utils.RoleUtils

    • o.k.sessions.AuthenticationSessionProvider

    • o.k.storage.client.ClientLookupProvider

    • o.k.storage.group.GroupLookupProvider

    • o.k.storage.user.UserLookupProvider

    • o.k.storage.user.UserQueryProvider

  • server-spi-private module

    • o.k.events.EventQuery

    • o.k.events.admin.AdminEventQuery

    • o.k.keys.KeyProvider

All changes are linked to the following issue.

All resolved issues

New features

  • #8748 View group membership ( account console) keycloak
  • #12065 Pluggable Features of Token Manager keycloak oidc
  • #14799 OTP Application SPI keycloak
  • #14974 Allow identity providers to set the icon for the provider keycloak

Enhancements

  • #349 Remove Operator getting started guides keycloak-web
  • #1613 Move session-limits documentation to its own section keycloak-documentation
  • #1657 Document compatibility mode for oidc logout endpoint suppression keycloak-documentation
  • #1661 Documentation for user-session-limits is in incorrect section and should be improved keycloak-documentation
  • #1668 Add info about consent when revoking refresh tokens keycloak-documentation
  • #1683 Removed Open Banking UK from the release notes for Keycloak 20 keycloak-documentation
  • #1752 [UX Review] Apply the progress style to the "Test connection" button of Realm settings -> Email keycloak-ui
  • #1959 Filter item Protocol and list item OpenID does not match in ClientScopes keycloak-ui
  • #2583 [UX Review] Update the "Remove users" modal in the LDAP user provider keycloak-ui section/user federation
  • #2656 Write E2E tests for session managment keycloak-ui integration-tests
  • #3093 LDAP provider: Buttons "Test connection" and "Test authentication" expects whole form to be filled keycloak-ui section/user federation
  • #3178 Enable skipped tests in `clients_test.spec.ts` keycloak-ui integration-tests
  • #3257 Add a max_age option to OpenID Connect Brokers keycloak-ui section/identity providers
  • #3265 Expiration for Admin Events keycloak-ui
  • #3364 Add possibility to import custom styles by extending the theme keycloak-ui section/other
  • #3442 Make CSS-links absolute instead of relative to prevent PRSSI attacks keycloak-ui section/other
  • #8749 Add an option to control the order of the event query and admin event query keycloak
  • #9084 Log more information in adapter-core module keycloak
  • #9287 Use PolicyEnforcer within OSGI doesn't work keycloak authorization-services
  • #10012 Review database topic keycloak
  • #10113 Update H2 database keycloak storage
  • #10151 Keycloak throws NPE, when trying to read disabled authorization resources through Admin REST API keycloak authorization-services
  • #10245 Enable MapUserProvider storing username with the letter case significance keycloak storage
  • #10363 Logging Guide Edits keycloak
  • #10482 IPv6 listener support keycloak dist/quarkus
  • #10798 Permanent versions in main to prevent updating after release keycloak
  • #10843 Add limit for authSessions per rootAuthSession keycloak storage
  • #10871 Database schema migration configuration parameters not working as expected keycloak docs
  • #11544 update javax.json (1.1.6) to jakarta.json (2.0.1) keycloak
  • #11568 Add hint for additonal quarkus configuration options for JSON logging keycloak
  • #11918 Add missing base template support for html email for email update confirmation keycloak
  • #11965 Localization improvements keycloak
  • #11979 java.net.UnknownHostException in database connection when using IPv6 only hostname keycloak docs
  • #12094 Add `imagePullSecret` field to the Keycloak CR keycloak operator
  • #12306 Update Infinispan version to 13.0.9.Final keycloak storage
  • #12634 Update token exchange documentation with latest changes to the audience constraints keycloak docs
  • #12862 Make clear that `cache-stack` override any custom stack defined in the configuration file keycloak docs
  • #12883 Intent support before issuing tokens (UK OpenBanking) keycloak
  • #12964 Enable searching for Groups by their attributes in keycloak-spi keycloak
  • #13061 Update TypeScript for account console keycloak account/ui
  • #13143 Add german translations for recovery codes and passwordless for login and account.v2 theme keycloak
  • #13231 CodeQL Actions continue to run when a new commit is pushed to a branch keycloak ci
  • #13334 Merge ActionTokenStoreProvider and SingleUseObjectProvider keycloak storage
  • #13360 integration.admin-client: Add exact search for all dedicated user attributes keycloak
  • #13384 LinkedIn profile picture keycloak
  • #13397 Enable to specify which message levels will be logged by the GELF logger keycloak dist/quarkus
  • #13408 Add rememberMe to a user session representation keycloak
  • #13469 Make compatibility mode for oidc logout endpoint fully compatible to previous keyloak versions keycloak oidc
  • #13502 Add XPath processing of SAML custom attributes keycloak
  • #13517 IDELauncher not recognizing CLI options at runtime keycloak dist/quarkus
  • #13545 Improve docs for realm import with containers keycloak
  • #13553 Make clearer that UDP is not the best choice for production cache stacks keycloak docs
  • #13557 Should print response from http call to keycloak server in keycloak-authz-client-18.0.2.jar keycloak
  • #13569 More information to the container guide keycloak docs
  • #13594 Spelling error in the code keycloak core
  • #13609 Modify `RealmsAdminResource.importRealm` to work with `InputStream` keycloak storage
  • #13662 mTLS binding support for password grant keycloak oidc
  • #13751 Remove admin-ui maven excludes keycloak
  • #13841 Improve how expected values are set to options keycloak dist/quarkus
  • #13847 Remove unnecessary code paths during startup keycloak dist/quarkus
  • #13933 431 / Request Header Fields Too Large keycloak
  • #13947 Remove `ALL_OPTIONS` from option category types keycloak
  • #13962 Remove Infinispan 12.1.7 workarounds from legacy store and model tests keycloak storage
  • #14002 Enable a GitHub bot to allow non-maintainers to re-run failed steps in Jobs keycloak ci
  • #14015 Increase max size of additional request params keycloak oidc
  • #14018 Methods `getUsers` in interface `UserQueryProvider` are never called keycloak
  • #14102 Environment variables for admin creation in testsuite keycloak testsuite
  • #14131 Add exact searching for users to Java admin client keycloak
  • #14146 Validate auth time when max_age is sent to brokered OPs keycloak
  • #14374 Add DB options to Keycloak CR keycloak operator
  • #14375 Add transaction options to Keycloak CR keycloak operator
  • #14376 Add features options to Keycloak CR keycloak operator
  • #14384 Avoid updating offline session refresh time during creation keycloak
  • #14395 Add hostname options to Keycloak CR keycloak operator
  • #14396 Add HTTP options to Keycloak CR keycloak operator
  • #14407 Refine Ingress settings in Keycloak CR keycloak operator
  • #14410 Rename free-form field for server configuration in Keycloak CR keycloak operator
  • #14649 Upgrade to Quarkus 2.13.0.Final keycloak dist/quarkus
  • #14743 Observations after reviewing MapUserSessionAdapter.getAuthenticatedClientSessions() keycloak storage
  • #14767 Move session iframe pages keycloak
  • #14770 Add profile feature for hosting keycloak.js on the server keycloak
  • #14879 Refactor `KeycloakDeploymentConfig` keycloak operator
  • #14991 Deactivate optimistic locking when running JPA Map store on a DB with isolation level serializable keycloak storage
  • #15038 Reduce storage reads, especially for map storage keycloak storage
  • #118 Tab and enter key for multi-line input keycloak-ui section/other
  • #1669 Some sections in "Server admin guide" and "Securing Apps guide" have references to Wildfly distribution keycloak-documentation dist/quarkus
  • #1670 Link to "Server Installation Guide" from Wildfly distribution available from web page keycloak-documentation
  • #1681 UserInfo endpoint not fully standards compliant keycloak-documentation
  • #1775 [UX Review] Realm settings > email: view password function is missing keycloak-ui ux-review
  • #2032 [UX Review] Alphabetically list the policy types in the policy creation modal of Authorization keycloak-ui section/clients
  • #2319 [UX Review] Some flow types are missing in the flow creation page keycloak-ui needs-api
  • #2398 [UX Review] Some fine-tuning of the Validations part in attribute creation page keycloak-ui section/realm settings
  • #2748 User is not added to the group, but message says it was added keycloak-ui section/groups
  • #2768 [UX Review] Add a search bar in the "Add step" modal keycloak-ui section/authentication
  • #2961 User pagination is slow when displaying 100 users keycloak-ui needs-api
  • #2987 Cannot assign a role when lots of clients keycloak-ui section/clients
  • #2989 UserStorageProvider Configuration not shown keycloak-ui section/user federation
  • #3089 Implement extension mechanism for social providers keycloak-ui section/identity providers
  • #3156 Idp OIDC header name is empty after tab navigation keycloak-ui section/identity providers
  • #3164 Group search is confusing keycloak-ui section/groups
  • #3174 Time policy in authorisation is broken keycloak-ui
  • #3201 prompt=unspecified causing errors in external Idp keycloak-ui section/identity providers
  • #3213 Accessibility/Authentication: Unable to move the required actions in the auth settings using the keyboard keycloak-ui section/authentication
  • #3241 Keycloak.v2 theme User Federation - LDAP provider Sync Registration Missing keycloak-ui section/user federation
  • #3251 New AdminUI doesn't show Authenticator Config Text Type keycloak-ui section/authentication
  • #3252 New Admin Console adds "Keycloak OIDC" Identity Provider as regular "OIDC" Identity Provider keycloak-ui section/identity providers
  • #3264 Empty files in downloaded zip for Mod Auth Mellon file with keycloak 19.0.1 (Quarks) keycloak-ui section/clients
  • #3292 UI Realm/Clients/Client details/Client scopes/Evaluate - Generated access token - User search area doesn't recognize 1 letter user names. keycloak-ui section/clients
  • #3295 Not able to create custom ClientAuthentication flow keycloak-ui section/authentication
  • #3296 After deleting all resources, from Authorization under Clients. You lose the create option keycloak-ui section/clients
  • #3308 Revert button on Fine grain OpenID Connect configuration doesn't work keycloak-ui
  • #3316 When creating a new realm, can't upload file via "Browse..." keycloak-ui section/realms
  • #3334 New Admin Console Role Based Policy keycloak-ui
  • #3341 Fix serialisation of UserStorageProvider config keycloak-ui
  • #3346 OpenID COnnect Identity Provide mapper configuration "Advanced Claim to Group" and "Advanced Claim to Role" don't store "claim" setting keycloak-ui section/identity providers
  • #3352 Create realm in keycloak v2 templates ignores id keycloak-ui section/realms
  • #3353 Zip corrupted while downloading adaptor config keycloak-ui section/clients
  • #3355 OIDC Identity Provider Client Authentication Wrong Name/Value stored from UI keycloak-ui section/identity providers
  • #3362 Authorization scopes renders scope IDs instead of names keycloak-ui
  • #3375 Bug when configuring an authenticator keycloak-ui admin/ui
  • #3381 Performance of admin console with 300+ realms keycloak-ui section/realms
  • #3383 Child group does not display assigned roles keycloak-ui section/groups
  • #3403 SAML Signature Key Name change value keycloak-ui
  • #3406 Missing ":type" param when navigating away from client scope mapper keycloak-ui section/client scopes
  • #3407 Error message when deleting client scopes from a client keycloak-ui
  • #3408 Casing on realm-name is not ideal keycloak-ui section/realms
  • #3409 Keycloak logo displayed on realm page is not generated properly keycloak-ui section/other
  • #3413 Client roles not shown on groups role mapping keycloak-ui section/clients
  • #3415 Associated roles shows only 11 records keycloak-ui
  • #3416 Include sub-groups users not always visible keycloak-ui section/groups
  • #3418 New Admin Management Console does not work with realm specific roles keycloak-ui section/users
  • #3419 Once a User Client Role Client ID field is set, it cannot be unset. keycloak-ui section/client scopes
  • #3421 Not possible to add a generated key pair keycloak-ui section/realm settings
  • #3424 Adding RSA Key Provider fails keycloak-ui section/realm settings
  • #3428 Can't add Annotations in user profile attributes keycloak-ui section/realm settings
  • #3433 Failed to import Signing Key of SAML client keycloak-ui section/clients
  • #3438 Changing the password of a user backed in LDAP causes: Error saving password: (intermediate value).find(...) is undefined keycloak-ui section/users
  • #3448 Multi-valued user attributes are not split keycloak-ui section/users
  • #3449 Custom locale will not show up on login page with new admin theme active (e.g. "en-US") keycloak-ui section/other
  • #3450 Custom Reset Actions for Credential Reset Missing In New Admin Theme keycloak-ui section/users
  • #3505 Running admin-ui requires husky and wireit to be installed manually keycloak-ui section/other
  • #3511 Missing Setting for Client Session Idle keycloak-ui
  • #3515 role mapping is not working for child-groups keycloak-ui section/groups
  • #3531 default identity provider not displayed keycloak-ui section/authentication
  • #3532 New admin console looses (custom) config data on save IdP config keycloak-ui section/identity providers
  • #3560 All table checkboxes get selected when table page is changed keycloak-ui section/users
  • #3561 Unable to assign client role to the user when using fine grained permissions keycloak-ui section/clients
  • #3593 Username and email address changed after testing SMTP settings for another realm with "Email as username" enabled keycloak-ui section/realm settings
  • #3600 Admin console issue "Cannot read properties of undefined (reading 'scopes')" when exploring Evaluation results keycloak-ui section/clients
  • #3606 Admin Keycloak v.2 "Export button" for key file within SAML clients not working keycloak-ui section/clients
  • #3613 Missing "Delete" button for custom localization messages AdminV2 keycloak-ui section/realm settings
  • #8804 keycloak.v2 theme not present in product keycloak-themes.json keycloak account/ui
  • #8827 `ui_locales` query parameter is ignored when `kc_idp_hint` is set keycloak oidc
  • #8889 Build failures on OpenJDK 17 keycloak core
  • #8926 Build fails on systems with large group IDs keycloak dist/wildfly
  • #9217 IndexOutOfBounds exception in `FreeMarkerEmailTemplateProvider` when the IDP's displayName is an empty string keycloak core
  • #9337 Access Token is not active when retrieved via token exchange keycloak token-exchange
  • #9471 Inconsistent invocation of ClientModel#setServiceAccountsEnabled keycloak oidc
  • #9482 Can't add user to "parent group" if member of a subgroup keycloak admin/api
  • #9593 Wrong translation 'trust-email' property in the Russian admin-messages_ru.properties keycloak translations
  • #9916 Keycloak does not work on systems with FIPS mode enabled keycloak core
  • #10227 RelayState max length not respected keycloak saml
  • #10656 Localization GET endpoints of sub realms causes HTTP 500 unknown error when using a token issued by master realm keycloak admin/api
  • #11236 Advanced Claim to Group Mapper resolves group by path rather than ID keycloak oidc
  • #11255 'Aggregate attribute values' mapper option not applied to group hierarchy keycloak core
  • #11292 CVE-2021-42392 - H2 console vulnerable to Remote Code Execution (RCE) keycloak dependencies
  • #11463 Quay image tags overwritten? SHAs purged? keycloak dist/wildfly
  • #11644 Crash when parsing user-defined or anyType SAML attributes keycloak saml
  • #11646 REGISTER event not logged during First Broker Flow keycloak authentication
  • #11695 Brute force protection: Successfully logged in user should not have to wait up to 5 seconds for event processing keycloak authentication
  • #11825 Client fields( Logo URL, Policy URL and Terms of service URL ) have been removed from ApplicationsPage.tsx in AccountConsole keycloak account/ui
  • #11959 Unable to override realm session TTLs per client keycloak oidc
  • #11963 Wrong order of stylesheets in Account-Theme (keycloak.v2) keycloak core
  • #12130 kc.sh fails on cygwin keycloak dist/quarkus
  • #12152 EC cryptography not immediately available on Quarkus keycloak dist/quarkus
  • #12162 Incorrect error messages used during failed OIDC client authentication keycloak oidc
  • #12289 Managing User Profile issue caused by different realm in the KeycloakContext during the import keycloak user-profile
  • #12381 Map storage looks up ID via the session, that is no longer needed keycloak storage
  • #12442 Keycloak Quarkus - Cannot use external datasource with a table already defined in Keycloak database keycloak dist/quarkus
  • #12506 Make sure `hostname-path` is considered when redenring admin URLs keycloak dist/quarkus
  • #12599 Read/write configuration for user profile also for username/email not possible keycloak user-profile
  • #12624 Possible NullPointerException during OpenID Connect logout with disabled client keycloak oidc
  • #12648 Missing files while Unpacking auth-server-quarkus on Windows keycloak testsuite
  • #12653 Brief representation user retrieval on Admin API: only check group memberships when fine-grained permissions are enabled keycloak admin/fine-grained-permissions
  • #12657 Concurrency issue with listing uma policies yields HTTP 500 keycloak authorization-services
  • #12912 #7539 does not fully solve KEYCLOAK-15167 keycloak
  • #12916 Revocation of refresh token also revokes client consent keycloak oidc
  • #12974 Admin page redirect is with wrong port when using docker keycloak
  • #13049 IDP link username is not updated keycloak
  • #13058 Use correct path for 'text-security' CSS keycloak
  • #13083 Missing translated messages in Portuguese keycloak translations
  • #13085 Typo in the configuration provider documentation keycloak docs
  • #13087 Grammar mistakes in the README file keycloak docs
  • #13105 Sessions not removed when Client Session Idle and Max is set keycloak oidc
  • #13109 Showing consent screen text instead of scope name in consent part of Application page in Account console keycloak oidc
  • #13145 Keycloak fails to compile with Eclipse Compiler keycloak
  • #13150 java.lang.StringIndexOutOfBoundsException is thrown when IDP Display Name is an empty string keycloak authentication
  • #13158 Correct isValidScope method of TokenManager for Dynamic scopes ( case scope ="openid") keycloak oidc
  • #13162 NullPointer exception thrown when trying to do account linking when DYNAMIC_SCOPES are enabled. keycloak oidc
  • #13189 Default required action providers are still available after feature disabling keycloak core
  • #13196 Do not exit when restarting the server in dev mode keycloak
  • #13209 JPA Map Storage with CRDB: ComponentsTest failures keycloak storage
  • #13211 JPA Map Storage with CRDB: ConcurrentTransactionsTest failures keycloak storage
  • #13212 JPA Map Storage with CRDB: OIDC Broker test failures keycloak storage
  • #13213 JPA Map Storage with CRDB: BackchannelLogoutTest failures keycloak storage
  • #13214 JPA Map Storage with CRDB: KcOidcUserSessionLimitsBrokerTest failures keycloak storage
  • #13215 JPA Map Storage with CRDB: UserSessionProviderTest failures keycloak storage
  • #13260 PT_BR translation of "Roles" is incorrect keycloak
  • #13267 Github workflow for snyk fail on forks keycloak
  • #13281 Model test `UserSessionProviderModelTest#testCreateUserSessionsParallel` is unstable keycloak storage
  • #13296 The front channel logout screens are not translated into Japanese keycloak
  • #13315 Potential issue with handling HTTP/2 over TLS in Quarkus distribution keycloak dist/quarkus
  • #13344 Minor inaccuracy in description of config file behavior keycloak
  • #13348 Jpa Map Storage: locked user sessions lead to read timeouts keycloak storage
  • #13385 --help-all shows hidden options for nonsupported options when mapper exists keycloak dist/quarkus
  • #13416 New Admin Console: Registration ReCaptcha Save button not working keycloak
  • #13465 Test Pipelines are unable to fetch Keycloak-admin-UI from Sonatype Repo keycloak
  • #13478 Tests on Windows unstable and failing because processes are not terminated keycloak testsuite
  • #13512 Exceptions are not visible in testsuite output keycloak
  • #13550 Preview Feature "Update Email" clears first and last name upon email confirmation keycloak core
  • #13561 New Update Email flow not working when "User Profile Enabled" enabled from realm. keycloak core
  • #13607 Reuse of token in TOTP is possible keycloak authentication
  • #13642 Fix DB tests for Quarkus keycloak testsuite
  • #13647 Wrong feature flag used to decide if admin fine-grained-permissions should be enabled keycloak
  • #13684 Offline User Session dead lock caused by PersisterLastSessionRefreshStore keycloak storage
  • #13706 RH SSO offline token causing Violation of PRIMARY KEY constraint 'CONSTRAINT_OFFL_CL_SES_PK3' keycloak storage
  • #13721 KeycloakQuarkusServerDeployableContainer doesn't configure new storage tests correctly keycloak
  • #13731 Broker links are not deleted upon deletion of an identity provider keycloak
  • #13793 Unable to build in IntelliJ after clean install keycloak
  • #13821 Latest Keycloak container images not published on DockerHub keycloak dist/quarkus
  • #13840 Auto-complete is broken and start the server instead of configuring sources keycloak dist/quarkus
  • #13850 HOSTNAME_ADMIN option is missing from HostnameOptions ALL_OPTIONS array keycloak dist/quarkus
  • #13918 KeycloakServer in keycloak-test-suite-utils fails with NoClassDefFoundError: kotlin/jvm/internal/Intrinsics keycloak admin/ui
  • #13923 User Profile: Setting E-Mail to required not working keycloak user-profile
  • #13952 Revert removing bouncycastle from operator keycloak
  • #13960 Bumped maven-war-plugin for JDK17 compatibility keycloak core
  • #13961 Fix invalid method reference when compiling with JDK17 keycloak core
  • #13984 SimpleHTTP does not use UTF-8 encoding keycloak
  • #13990 New rest endpoints in admin-ui break Wildfly startup - Failed to define class in Module "org.keycloak.keycloak-admin-ui" keycloak admin/ui
  • #13999 DELETE and PUT methods not permitted by Account REST API for CORS requests keycloak
  • #14005 Cannot execute Old Admin Console tests keycloak testsuite
  • #14013 Keycloak 19 cannot register post logout redirect URIs whose length in total is over 4000 keycloak oidc
  • #14016 Missing a duplicated parameter check in UserInfo endpoint. keycloak
  • #14020 Unstable test UserSessionProviderOfflineModelTest.testOfflineSessionLazyLoadingPropagationBetweenNodes keycloak storage
  • #14025 Locale switcher is broken on error page keycloak authentication
  • #14037 Fix the provider id in the database migration example keycloak
  • #14072 Cannot build base testsuite due to missing dependency related to WF keycloak testsuite
  • #14080 Fix QuickStart tests in the GH actions keycloak testsuite
  • #14083 Setting responseMode in AuthorizationRequest.Metadata does not take effect keycloak
  • #14184 UserInfo endpoint not fully standards compliant keycloak
  • #14210 EAP Adapter tests failing in Test Pipelines with ClassCastException in BCProvider keycloak testsuite
  • #14250 `listApplicationsThirdParty` test is unstable keycloak testsuite
  • #14255 Exception due to requirement of "client_id" presence within Request Object keycloak oidc
  • #14273 Set correct entity version when adding a child entity with its own entity versioning keycloak storage
  • #14286 Delay LDAPObject creation until mandatory attributes are set keycloak ldap
  • #14294 Exception "Failed to run scheduled task ClearExpiredAdminEvents" in the console on PG with legacy store keycloak storage
  • #14329 Translation to dutch of the login page is missing some translations keycloak
  • #14354 KEYCLOAK_SESSION not working for some user federation setups keycloak core
  • #14435 Null pointer exception ERROR when trying to use custom jgroups stack for infinispan keycloak dist/quarkus
  • #14510 Keycloak server partial gziped resources in some cases keycloak
  • #14588 Stabilize testPersistenceMultipleNodesClientSessionsAtRandomNode model test keycloak storage
  • #14666 Admin console not loading keycloak admin/ui
  • #14667 Fix ldap membership getGroupMembers when username not found keycloak ldap
  • #14678 MapUserProvider in KC20 needs to store username compatible with KC19 to be no-downtime-upgradable keycloak storage
  • #14730 Ensure providers are closed upon session close keycloak storage
  • #14786 [CVE-2020-8908] - guava: local information disclosure via temporary directory created with unsafe permissions keycloak dependencies
  • #14787 [CVE-2021-29425] - apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 keycloak dependencies
  • #14888 Add possibility to limit field length in legacy event store keycloak storage
  • #14889 Disabling account2 also disables admin2 keycloak core
  • #14940 database setup documentation issue keycloak dist/quarkus
  • #14994 When Keycloak's welcome page in Quarkus renders, it doesn't log the cause keycloak dist/quarkus
  • #14997 With JDK17, AuthzClientTest and Quarkus runtime configuration tests fail with a reflection access error keycloak testsuite
  • #15054 Unstable test KcOidcBrokerTest.testAccountManagementLinkIdentity keycloak storage
  • #15086 Authz client not updated with the way of encoding the basic header keycloak authorization-services
  • #15112 Supported OTP applications in realm representation is not filtered by the policy keycloak authentication
  • #15146 SAML adapter is missing "crypto/default" module keycloak adapter/jee-saml
  • #15192 Close the session within resteasy boundaries keycloak dist/quarkus

Upgrading

Before you upgrade remember to backup your database and check the upgrade guide for anything that may have changed.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK