1 Release published by 1 person

• 26.0.8

  published Jan 13, 2025

93 Pull requests merged by 29 people

• Rename org.keycloak.test groupId to org.keycloak.testframework for new test framework artifacts

  #36443 merged Jan 14, 2025

• Rename org.keycloak.test to org.keycloak.tests

  #36429 merged Jan 14, 2025

• Fix Forgot Password?-button on the login-password page

  #36433 merged Jan 14, 2025

• Avoid looking up the client if it is known during the commit phase

  #36399 merged Jan 14, 2025

• Remove dependency to "DOM" lib in @keycloak/admin-client

  #35968 merged Jan 14, 2025

• Update the docs that vendor_jgroups_ metrics might change between releases

  #36402 merged Jan 14, 2025

• BACKPORT: add empty hidden input so that empty checkboxes get submitted (#35552)

  #36292 merged Jan 14, 2025

• FGA: Allow view users attached to one specific client role

  #36352 merged Jan 14, 2025

• Avoid being rate-limited by LinkedIn in tests

  #36403 merged Jan 14, 2025

• Avoid being rate-limited by LinkedIn in tests

  #36404 merged Jan 14, 2025

• Connect to primary PostgreSQL instance by default

  #36330 merged Jan 14, 2025

• Bump vite-plugin-dts from 4.4.0 to 4.5.0 in /js

  #36368 merged Jan 14, 2025

• Re-order items in release notes for 26.1

  #36346 merged Jan 14, 2025

• Fix content-type for content.json (#35971)

  #36068 merged Jan 14, 2025

• Rename org.keycloak.test.framework package to org.keycloak.testframework

  #36390 merged Jan 14, 2025

• Bump jsdom from 25.0.1 to 26.0.0 in /js

  #36341 merged Jan 14, 2025

• Bump @eslint/compat from 1.2.4 to 1.2.5 in /js

  #36372 merged Jan 14, 2025

• Bump uuid from 11.0.4 to 11.0.5 in /js

  #36343 merged Jan 14, 2025

• Bump eslint-config-prettier from 9.1.0 to 10.0.1 in /js

  #36420 merged Jan 14, 2025

• Show error when UI realm resource fails

  #36411 merged Jan 14, 2025

• [Backport] Make sure brokers are managed within the scope of the realm model object

  #36416 merged Jan 14, 2025

• [Backport] Re-calculate the organization scope when re-authenticating in the browser flow

  #36415 merged Jan 14, 2025

• Bump eslint-plugin-react from 7.37.3 to 7.37.4 in /js

  #36417 merged Jan 14, 2025

• Bump @types/node from 22.10.5 to 22.10.6 in /js

  #36418 merged Jan 14, 2025

• [Backport] Attribute is required only if the corresponding field in the metadata is set

  #36406 merged Jan 14, 2025

• Add Events tab to relevant objects in the UI

  #34436 merged Jan 13, 2025

• Avoid too many retries when writing persistent sessions fails

  #36310 merged Jan 13, 2025

• Update UP via provider instead of going through the UserProfileResource

  #35234 merged Jan 13, 2025

• Incomplete registration form when edit email is disabled and email is…

  #36078 merged Jan 13, 2025

• Translations update from Hosted Weblate

  #36367 merged Jan 13, 2025

• [Backport] Fix NPE when exchanging external using the issuer value

  #36251 merged Jan 13, 2025

• Translations specified in the admin console do not override the trans…

  #36275 merged Jan 13, 2025

• fix: remove the use of regex for determining local addresses (#36228)

  #36282 merged Jan 13, 2025

• Remove ignored links from the documentation tests after KC 26 release

  #36255 merged Jan 13, 2025

• Unable to set '--log-syslog-max-length' property

  #36253 merged Jan 13, 2025

• Upgrade to Quarkus 3.15.2

  #36246 merged Jan 13, 2025

• [backport 26.0] Add default max-count for cache-local.xml file

  #36204 merged Jan 13, 2025

• Failed to authenticate client with method client_secret_jwt when clie…

  #35992 merged Jan 13, 2025

• Fix GitHub Links to quickstarts in getting started guide (#35919)

  #35956 merged Jan 13, 2025

• fix: updating the partially dynamic url to not include path (#35831)

  #35898 merged Jan 13, 2025

• [Backport] Better path parameter names for organization and member APIs

  #35866 merged Jan 13, 2025

• fix: removing doc that suggests using the config file for quarkus props

  #35828 merged Jan 13, 2025

• Search user by id and fallback to username when needed

  #35824 merged Jan 13, 2025

• Adding retry when clicking on rememberMe checkbox on the loginPage during tests

  #35819 merged Jan 13, 2025

• Backport to fix showing events auth and representation

  #35805 merged Jan 13, 2025

• Improve the note about group synchronization in sssd (26.0)

  #35812 merged Jan 13, 2025

• When using the token revocation endpoint with refresh-token, only particular clientSession related to given refresh token should be terminated closes #35486

  #35804 merged Jan 13, 2025

• Fix potential NPE in migration script for KC 26 (#35794)

  #35801 merged Jan 13, 2025

• Typo in using custom Keycloak image for Operator guide

  #35795 merged Jan 13, 2025

• Backport: fix issue re-ordering flows

  #35792 merged Jan 13, 2025

• OTEL: Fix #podNamePropagation test for Operator

  #35771 merged Jan 13, 2025

• BACKPORT: Fix user attributes search: Fix the JS error when switching from "default search" to "attributes search"

  #35951 merged Jan 13, 2025

• When using the token revocation endpoint with refresh-token, only par…

  #35806 merged Jan 13, 2025

• Failed to authenticate client with method client_secret_jwt when clie…

  #35993 merged Jan 13, 2025

• Fix content-type for content.json (#35971)

  #36067 merged Jan 13, 2025

• fix: remove the use of regex for determining local addresses

  #36283 merged Jan 13, 2025

• Avoid a NullPointerException when client roles are associated with a client that no longer exists

  #35489 merged Jan 13, 2025

• Avoid looking up the client if it is known during the commit phase

  #36339 merged Jan 13, 2025

• Exclude WebAuthn4J from Quarkus managed versions

  #36387 merged Jan 13, 2025

• Avoid being rate-limited by LinkedIn in tests

  #36379 merged Jan 13, 2025

• Bump eslint from 9.17.0 to 9.18.0 in /js

  #36369 merged Jan 13, 2025

• Bump @eslint/js from 9.17.0 to 9.18.0 in /js

  #36370 merged Jan 13, 2025

• Bump tar-fs from 3.0.6 to 3.0.7 in /js

  #36371 merged Jan 13, 2025

• Revert "fix: increasing the startup timeout to 1 hour"

  #36358 merged Jan 13, 2025

• Translations update from Hosted Weblate

  #36357 merged Jan 12, 2025

• fixed pagination

  #36260 merged Jan 10, 2025

• Add a full-stop to all admin UI help texts where it is missing

  #36212 merged Jan 10, 2025

• fix the empty state of the role mapper because clients is the default

  #36077 merged Jan 10, 2025

• fixed banner style

  #36238 merged Jan 10, 2025

• Avoid using docker hub for pulling images

  #36334 merged Jan 10, 2025

• [FGAP] Add adminPermissionClientCheck to authorization services REST …

  #35946 merged Jan 10, 2025

• Translations update from Hosted Weblate

  #36300 merged Jan 10, 2025

• Fix typo: remove duplicate "the" in documentation

  #36329 merged Jan 9, 2025

• fix: increasing the startup timeout to 1 hour

  #36324 merged Jan 9, 2025

• Add 26.1.0 release to release notes

  #36328 merged Jan 9, 2025

• KerberosLdapCrossRealmTrustTest.test03SpnegoLoginUsernamePassword

  #36319 merged Jan 9, 2025

• Bump @octokit/rest from 21.0.2 to 21.1.0 in /js

  #36314 merged Jan 9, 2025

• Incorrect manage permission for getting a specific execution

  #36299 merged Jan 9, 2025

• WebAuthn registration now respects the configured extra origins policy

  #35404 merged Jan 9, 2025

• Attribute is required only if the corresponding field in the metadata is set

  #36281 merged Jan 8, 2025

• KeycloakServer application not working

  #36302 merged Jan 8, 2025

• Add nullcheck to passwordAgePredicate

  #36298 merged Jan 8, 2025

• Unable to set '--log-syslog-max-length' property

  #36252 merged Jan 8, 2025

• fix: resetting failingSince on datasourceHealthCheck == UP

  #35905 merged Jan 8, 2025

• Bump rollup from 4.30.0 to 4.30.1 in /js

  #36288 merged Jan 8, 2025

• Fix missing Micrometer dependency for generating api docs

  #36293 merged Jan 8, 2025

• Translations update from Hosted Weblate

  #36277 merged Jan 8, 2025

• Add primary key to avoid issues in some mysql 8 servers but still keep…

  #36248 merged Jan 7, 2025

• fix: remove the use of regex for determining local addresses

  #36228 merged Jan 7, 2025

• Adds missing Polish translations to v3 account messages

  #36191 merged Jan 7, 2025

• Translate missing admin messages in Polish

  #36193 merged Jan 7, 2025

• Added status for when user and admin events saving is turned off

  #35673 merged Jan 7, 2025

• Translations specified in the admin console do not override the trans…

  #36269 merged Jan 7, 2025

25 Pull requests opened by 16 people

• SAML/ OIDC Identity Provider AutoUpdate

  #36273 opened Jan 7, 2025

• playwright rewrite

  #36276 opened Jan 7, 2025

• Check next update and cache CRLs in the X509 authenticator

  #36294 opened Jan 8, 2025

• Apply organization feature only applied to realms that use it

  #36313 opened Jan 8, 2025

• Bump typescript from 5.7.2 to 5.7.3 in /js

  #36315 opened Jan 9, 2025

• WIP: Change oauth2 redirection code to 307

  #36335 opened Jan 9, 2025

• fix: adding a check and documenting import naming conventions

  #36340 opened Jan 9, 2025

• Bump lightningcss from 1.28.2 to 1.29.1 in /js

  #36342 opened Jan 10, 2025

• fixed sidebar nav vertical scroll on smaller screens

  #36348 opened Jan 10, 2025

• Allow enforce that users are members of organizations when authenticating

  #36350 opened Jan 10, 2025

• fix: Add username validator for LDAP storage provider to handle speci…

  #36354 opened Jan 10, 2025

• Delete users on ldap sync

  #36359 opened Jan 11, 2025

• Add configurable SMTP timeout

  #36362 opened Jan 11, 2025

• VERIFY_EMAIL as supported Application Initiated Action

  #36366 opened Jan 12, 2025

• Update the documentation on how to run Keycloak IPv6 only

  #36393 opened Jan 13, 2025

• Token exchange - added experimental token exchange V2 divided into mu…

  #36407 opened Jan 13, 2025

• Show error when validate email sending fails

  #36414 opened Jan 13, 2025

• Bump typescript-eslint from 8.19.1 to 8.20.0 in /js

  #36419 opened Jan 14, 2025

• Make @EnableFeature to handle the case with added provider of current…

  #36426 opened Jan 14, 2025

• Add margin to info text on reset password form

  #36428 opened Jan 14, 2025

• [Backport] Error when re-authenticating when organization is enabled

  #36436 opened Jan 14, 2025

• Select auth flow via acr using client policies

  #36441 opened Jan 14, 2025

• Adding SAML adapter zip distribution back to the sources

  #36444 opened Jan 14, 2025

• ClientProtocolCondition.getProviderId() fix

  #36448 opened Jan 14, 2025

• Moving the docs for password metrics to a new guide

  #36449 opened Jan 14, 2025

117 Issues closed by 17 people

• Cannot assign realm roles to user if user has all client roles

  #35994 closed Jan 14, 2025

• Rename `org.keycloak.test` groupId to `org.keycloak.testframework` for new test framework artifacts

  #36431 closed Jan 14, 2025

• Rename `org.keycloak.test` package to `org.keycloak.tests`

  #36389 closed Jan 14, 2025

• Too much space around "Forgot Password" button (keycloak.v2)

  #36432 closed Jan 14, 2025

• Inconsistent TypeScript definitions in the module @keycloak/keycloak-admin-client while compiling

  #25085 closed Jan 14, 2025

• Metric `vendor_jgroups_*` is unstable and can change in upcoming releases

  #36401 closed Jan 14, 2025

• Broken (read-only) database connections not getting removed from connection pool, keycloak claims to be healthy.

  #24493 closed Jan 14, 2025

• `searchClientsByAttributes` doesn't filter results by attributes

  #36361 closed Jan 14, 2025

• Rename `org.keycloak.test.framework` package to `org.keycloak.testframework`

  #36388 closed Jan 14, 2025

• When running Keycloak in testutils with Undertow, the admin UI thows NoMessageBodyWriterFoundFailure

  #36410 closed Jan 14, 2025

• Custom theme : Failed at $lang

  #36412 closed Jan 14, 2025

• Admin Console not loading - return status 204

  #36421 closed Jan 14, 2025

• Cannot insert RoleMappingsProvider inside adapter's subsystem using CLI.

  #33944 closed Jan 14, 2025

• Add Events tab to relevant objects in the UI

  #29113 closed Jan 13, 2025

• PersistentSessionsWorker: retry with 0 backoff ms.

  #35047 closed Jan 13, 2025

• Documentation only: Keycloak behind reverse proxy with mTLS for X.509 login flow --> Possible vulnerability to bypass or spoof the X.509 credentials

  #17059 closed Jan 13, 2025

• Experiencing issues integrating keycloak on ArgoCD

  #36386 closed Jan 13, 2025

• CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers

  #36395 closed Jan 13, 2025

• CVE-2024-11736 Unrestricted admin use of system and environment variables

  #36394 closed Jan 13, 2025

• PersistentSessionsWorker: Cannot access delegate without a transaction

  #36332 closed Jan 13, 2025

• Support OLMv1. Support InstallMode "AllNamespaces"

  #36391 closed Jan 13, 2025

• [Keycloak CI] - Bse IT/Store IT - IdentityProviderTest

  #36375 closed Jan 13, 2025

• CVE-2018-10054 - Remote Code Execution (RCE) in com.h2database:h2

  #36138 closed Jan 13, 2025

• CVE-2018-10054 - Remote Code Execution (RCE) in com.h2database:h2

  #36132 closed Jan 13, 2025

• CVE-2018-10054 - Remote Code Execution (RCE) in com.h2database:h2

  #36097 closed Jan 13, 2025

• CVE-2018-10054 - Remote Code Execution (RCE) in com.h2database:h2

  #35958 closed Jan 13, 2025

• CVE-2018-10054 - Remote Code Execution (RCE) in com.h2database:h2

  #35923 closed Jan 13, 2025

• CVE-2018-10054 - Remote Code Execution (RCE) in com.h2database:h2

  #35915 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #36199 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #36157 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #36124 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #36106 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #36073 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #36026 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #35998 closed Jan 13, 2025

• CVE-2023-3635 - Denial of Service (DoS) in com.squareup.okio:okio

  #35910 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #36198 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #36156 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #36123 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #36105 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #36025 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #36072 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #35997 closed Jan 13, 2025

• CVE-2023-0833 - Information Exposure in com.squareup.okhttp3:okhttp

  #35909 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36200 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36197 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36194 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36177 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36139 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36133 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36125 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36107 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36098 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36074 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #35999 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #36027 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #35959 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #35924 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #35916 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #35911 closed Jan 13, 2025

• CVE-2024-47535 - Denial of Service (DoS) in io.netty:netty-common

  #35884 closed Jan 13, 2025

• Error while implementing the distribution cache (ispn) in Keycloak Deployment

  #36373 closed Jan 13, 2025

• New Install Behind a Proxy - get somethingWentWrongDescription

  #36374 closed Jan 13, 2025

• Roll-back change to startup timeout

  #36347 closed Jan 13, 2025

• "Update Profile" page shown, even if there are no Required attributes to be filled

  #33736 closed Jan 13, 2025

• Cannot open administration console: 401 serverinfo

  #36365 closed Jan 12, 2025

• Client session list doesn't show all sessions

  #36196 closed Jan 10, 2025

• Help texts in the admin UI should end with a dot

  #36211 closed Jan 10, 2025

• Realm Roles Mapping Dropdown Hidden with Limited Permissions

  #35311 closed Jan 10, 2025

• ERROR: Failed to run 'build' command

  #36353 closed Jan 10, 2025

• Keycloak V26 breaks extensibility of client scopes with CAS protocol

  #36355 closed Jan 10, 2025

• Double scroll bar due to warning banner

  #33349 closed Jan 10, 2025

• JGroups API

  #11086 closed Jan 10, 2025

• State KC Operator as pre-requisiste

  #36349 closed Jan 10, 2025

• Support Organization attributes in Realm export

  #32214 closed Jan 10, 2025

• Keycloak 26.0.7 exiting without an error message when deployed with mysql

  #36183 closed Jan 10, 2025

• For DB containers used in testing, avoid using docker hub

  #36331 closed Jan 10, 2025

• Track Liquibase workaround for dashes

  #23174 closed Jan 10, 2025

• [FGAP] Add adminPermissionClientCheck to authorization services REST endpoints

  #35945 closed Jan 10, 2025

• Logical flaw in RefreshTokenTest#refreshTokenReuseTokenScopeParameterNotInRefreshToken

  #29952 closed Jan 10, 2025

• max_age is wrongly handled Keycloak oidc Identity Provider leading to exception

  #33641 closed Jan 10, 2025

• Increase startup probe timeout to account for long-running migrations

  #36308 closed Jan 9, 2025

• Configuring the System Truststore - HTTP request error: PKIX path building failed

  #36286 closed Jan 9, 2025

• Keycloak new Management Interface port breaks in GCE Ingress + Operator

  #36257 closed Jan 9, 2025

• [Keycloak CI] - Base IT - KerberosLdapCrossRealmTrustTest.test03SpnegoLoginUsernamePassword

  #34824 closed Jan 9, 2025

• Keycloak realm CRD

  #36321 closed Jan 9, 2025

• Keycloak-js keycloak.logout() no longer wait for request

  #36242 closed Jan 9, 2025

• View users attached to one specific client role causes "Forbidden, permission needed: view-clients"

  #24522 closed Jan 9, 2025

• Issue with "403 Forbidden" Access /admin/realms/{realm}/authentication/executions/{executionId}

  #36121 closed Jan 9, 2025

• Enhance WebAuthn registration to support custom FIDO2 origin validation

  #35110 closed Jan 9, 2025

• Logs are getting written to keycloak.log.1 instead of keycloak.log file

  #30728 closed Jan 9, 2025

• Keycloak V3 theme in account management UI does not pick translation from message bundle

  #36035 closed Jan 8, 2025

• Profile attribute inputs incorrectly marked as required when minimum length is configured

  #36241 closed Jan 8, 2025

• Application login screen does not reflect custom theme

  #36137 closed Jan 8, 2025

• Docs: server_admin/topics/admin-cli.adoc

  #36304 closed Jan 8, 2025

• KeycloakServer application not working anymore

  #36301 closed Jan 8, 2025

• PasswordAgePolicy triggering NullPointerException when credentail does not have createdDate

  #36297 closed Jan 8, 2025

• log-syslog-max-length is ignored

  #35386 closed Jan 8, 2025

• Failing since may be reported incorrectly on health probe

  #35904 closed Jan 8, 2025

• Update PolicyRepresentation with resourceType

  #36296 closed Jan 8, 2025

• Partial Import is not working

  #36057 closed Jan 8, 2025

• Organization Authenticator unexpected behaviour on re-authentication

  #36207 closed Jan 8, 2025

• Getting Started Kubernetes guide not updated

  #36270 closed Jan 8, 2025

• How to configure or update SameSite cookie in keycloak api to either **strict** or **lax**?

  #36289 closed Jan 8, 2025

• Brocken Display Name Field

  #31880 closed Jan 8, 2025

• Translation error Dutch doTryAnotherWay

  #33701 closed Jan 8, 2025

• Regression Mysql 8 support as the upgrade script do not use temporary table

  #35827 closed Jan 7, 2025

• Local IPv6 check still not correct

  #36227 closed Jan 7, 2025

• Move documentation for Node.js adapter into own repo

  #35539 closed Jan 7, 2025

• [FGAP] [UI] Implement AdminPermissionEvaluator implementation for FGAP v2

  #35147 closed Jan 7, 2025

• [FGAP] [UI] Implement changes to the Settings tab to align with FGAP v2 requirements

  #35148 closed Jan 7, 2025

• [FGAP] [UI] Implement changes to the Scopes tab (if it makes sense to include it at all) to align with FGAP v2 requirements

  #35151 closed Jan 7, 2025

• Add missing Polish translations to v3 account messages

  #36187 closed Jan 7, 2025

• Translate missing admin messages into Polish

  #36192 closed Jan 7, 2025

• [FGAP] [UI] Implement changes to the Export tab (if it makes sense to include it at all) to align with FGAP v2 requirements

  #35153 closed Jan 7, 2025

• Show status of storing events in "admin events" and "user events" view

  #34204 closed Jan 7, 2025

• Translations specified in the admin console do not override the translations specified in a theme

  #36037 closed Jan 7, 2025

41 Issues opened by 30 people

• ClientProtocolCondition.getProviderId() typo

  #36447 opened Jan 14, 2025

• Prepare a new guide for Keycloak's own metrics in the observability guide

  #36442 opened Jan 14, 2025

• Remove Node.js adapter documentation from main repo

  #36440 opened Jan 14, 2025

• Remove Node.js adapter documentation from main repo

  #36439 opened Jan 14, 2025

• In Brave browser keycloak-js tries to refresh token directly after login and fails

  #36430 opened Jan 14, 2025

• Missing margin on reset password info text (keycloak.v2)

  #36427 opened Jan 14, 2025

• Make @EnableFeature to handle the case with added provider of currently non-used SPI

  #36425 opened Jan 14, 2025

• Inability to list realms in the interface

  #36422 opened Jan 14, 2025

• Empty state in new events tabs

  #36413 opened Jan 13, 2025

• Verify email required action shows presents message that email was sent even on errors

  #36409 opened Jan 13, 2025

• Partial Import end point removed existing users credentials

  #36408 opened Jan 13, 2025

• Redirect after linking account

  #36405 opened Jan 13, 2025

• "identity-provider-redirector" does not forward LOGIN_HINT of authentication session

  #36396 opened Jan 13, 2025

• Align WebAuthn4J version with Quarkus

  #36385 opened Jan 13, 2025

• Several issues with Open API documentation

  #36384 opened Jan 13, 2025

• Operator tests failing on IPV6 environment

  #36383 opened Jan 13, 2025

• Adding a sub-flow in the Registration flow throws a NullPointerException.

  #36382 opened Jan 13, 2025

• Mismatch in resolution of localized properties between login and account pages

  #36381 opened Jan 13, 2025

• Add custom user profile attributes to register event

  #36364 opened Jan 12, 2025

• Turning off "Review Profile" on Authentication Flow doesn't take effect

  #36360 opened Jan 11, 2025

• [Keycloak CI] - Cookies tests - KcOidcBrokerTokenExchangeTest

  #36345 opened Jan 10, 2025

• Docs: server_development/topics/themes-react.adoc

  #36344 opened Jan 10, 2025

• Scrollbar missing so I can't scroll to the last menu item on the left

  #36338 opened Jan 9, 2025

• User profile validation messages will not be translated in Admin REST API

  #36337 opened Jan 9, 2025

• Have kc_idp_hint work along with prompt=create

  #36336 opened Jan 9, 2025

• [Keycloak CI] - User Federation Tests - LDAPUserProfileTest.testMultipleLDAPProviders

  #36320 opened Jan 9, 2025

• WebAuthn tests for extra origins

  #36317 opened Jan 9, 2025

• external IDP refresh tokens not replicated in infinispan distributed cache - token exchange fails on cluster of multiple pods

  #36316 opened Jan 9, 2025

• Check if organizations feature is enabled for realm

  #36312 opened Jan 8, 2025

• Identity Providers linked to Organization are displayed to users not member of organization

  #36309 opened Jan 8, 2025

• JSON editor does not work in admin-ui

  #36307 opened Jan 8, 2025

• New CLI command: update-compatibility

  #36306 opened Jan 8, 2025

• Initial Zero-Downtime Image handling in KC Operator

  #36305 opened Jan 8, 2025

• Can we avoid creation of user session when requested_token_type is access token?

  #36295 opened Jan 8, 2025

• [Keycloak JavaScript CI] - Admin UI E2E (2, firefox) - realm_test

  #36291 opened Jan 8, 2025

• [Keycloak Integration CI] - Extension - ExtendAccountConsoleTest

  #36290 opened Jan 8, 2025

• Permission editor shows resource IDs instead of names

  #36285 opened Jan 7, 2025

• Fail to import realm during the startup with specific name file

  #36284 opened Jan 7, 2025

• feat(metrics): add label `application` to metrics generated by `keycloak`

  #36280 opened Jan 7, 2025

• Building Keycloak locally on a Windows machine results in an executable that cannot be ran

  #36278 opened Jan 7, 2025

• Null Fields in Policy and Resource When Fetching Permission by ID via SDK

  #36274 opened Jan 7, 2025

83 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• UI Customization document - initial chapters

  #35579 commented on Jan 10, 2025 • 32 new comments

• fix: detecting provider changes when running start optimized

  #35845 commented on Jan 9, 2025 • 8 new comments

• Enable branding without code changes

  #34246 commented on Jan 13, 2025 • 8 new comments

• Create credential signer providers to complement credential building

  #36056 commented on Jan 13, 2025 • 2 new comments

• Do not remove users in LDAP when queries return an empty result

  #35013 commented on Jan 13, 2025 • 1 new comment

• Bump @patternfly/react-core from 5.4.10 to 5.4.12 in /js

  #36029 commented on Jan 9, 2025 • 0 new comments

• Incorrect documentation for Direct Naked Impersonation Configuration

  #35902 commented on Jan 14, 2025 • 0 new comments

• [DPoP] : /protocol/openid-connect/token throw error when DPOP feature not enabled on client

  #36261 commented on Jan 14, 2025 • 0 new comments

• DPoP: promote from preview to supported

  #22311 commented on Jan 14, 2025 • 0 new comments

• Automatically disable dormant users.

  #11800 commented on Jan 14, 2025 • 0 new comments

• Support Caddy as a Reverse Proxy Provider for Client Certificate Authentication

  #20761 commented on Jan 14, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTokenExchangeTest#testInternalExternalTokenExchangeStoredToken

  #36031 commented on Jan 14, 2025 • 0 new comments

• Redirection code for valid /auth should be 307 instead of 302

  #36272 commented on Jan 14, 2025 • 0 new comments

• Network Error when attempting to fetch resource only in Firefox

  #36024 commented on Jan 13, 2025 • 0 new comments

• Organizations: Allow Organization Selection

  #34275 commented on Jan 13, 2025 • 0 new comments

• Support automatic reload of rotated certificates and private keys

  #26524 commented on Jan 13, 2025 • 0 new comments

• [Keycloak CI] - Forms IT (chrome) - LoginTest

  #35491 commented on Jan 13, 2025 • 0 new comments

• Update realm erases browser security header fields

  #32921 commented on Jan 13, 2025 • 0 new comments

• user attribute search throws error for Keycloak 24.0.9+

  #35950 commented on Jan 13, 2025 • 0 new comments

• Allow listing federated users without having to execute a search

  #21465 commented on Jan 13, 2025 • 0 new comments

• NPE when no subject_issuer is used for token exchange

  #34869 commented on Jan 13, 2025 • 0 new comments

• Ability to set DN for new users/groups seperate to DN used for search

  #28569 commented on Jan 13, 2025 • 0 new comments

• Support multiple namespaces in operator

  #27534 commented on Jan 13, 2025 • 0 new comments

• CVE-2024-12397 - HTTP Request Smuggling in io.quarkus.http:quarkus-http-core

  #36195 commented on Jan 10, 2025 • 0 new comments

• [FGAP] Design AdminPermissionEvaluator implementation for FGAP v2

  #36018 commented on Jan 14, 2025 • 0 new comments

• Add option to sign the IdP metadata for SAML

  #35934 commented on Jan 8, 2025 • 0 new comments

• Update messages_ko.properties

  #35729 commented on Jan 11, 2025 • 0 new comments

• Add support for RFC 8707 OAuth2 Resource Indicators (#14355)

  #35711 commented on Jan 8, 2025 • 0 new comments

• Add FAPI 2.0 + DPoP security profile as default profile of client policies

  #35443 commented on Jan 8, 2025 • 0 new comments

• Update realm: Remove browser security header attributes from the list of attributes to remove if missing

  #32922 commented on Jan 13, 2025 • 0 new comments

• JDBC resources leaked warning on server startup

  #34195 commented on Jan 14, 2025 • 0 new comments

• Realm not found while exists and works if entered directly in the URL

  #36159 commented on Jan 14, 2025 • 0 new comments

• Conection reset to database after upgrading to keycloak 25

  #33387 commented on Jan 14, 2025 • 0 new comments

• [Jenkins Operator CI] - Test remote - ClusteringTest on OpenShift

  #34868 commented on Jan 14, 2025 • 0 new comments

• The login interface has been unable to log in, and CSP prompts an error.

  #32607 commented on Jan 14, 2025 • 0 new comments

• quarkus-next: StackOverflowError causes build failure

  #34454 commented on Jan 14, 2025 • 0 new comments

• kc_locale parameter not working as expected in keycloak 25 (keycloak.v3 account theme)

  #36116 commented on Jan 14, 2025 • 0 new comments

• Decouple Node.js adapter from Keycloak release cycle

  #34862 commented on Jan 14, 2025 • 0 new comments

• Keycloak Version 25.0.4 Importing Clients via Json sets the Access Token Lifespan to 0 if the Realm setting was changed from the default.

  #36092 commented on Jan 14, 2025 • 0 new comments

• `VERIFY_EMAIL` is not supported as an Application Initiated Action

  #25154 commented on Jan 14, 2025 • 0 new comments

• Stuck on Admin Console Loading Screen - building from source

  #36189 commented on Jan 14, 2025 • 0 new comments

• Improve Support for Token-Exchange

  #31546 commented on Jan 14, 2025 • 0 new comments

• Keycloak Organizations

  #30180 commented on Jan 9, 2025 • 0 new comments

• Unable to set the adminEventsExpiration wile creating an new real via the API

  #36239 commented on Jan 9, 2025 • 0 new comments

• Add Support for Returning Organization ID in POST

  #36152 commented on Jan 9, 2025 • 0 new comments

• OIDC Backchannel Logout not called when session expires

  #25171 commented on Jan 9, 2025 • 0 new comments

• Make domains for organisations optional

  #31285 commented on Jan 9, 2025 • 0 new comments

• KC_RESTART cookie misses a payload

  #36143 commented on Jan 9, 2025 • 0 new comments

• Translation resolution bug in keycloak-admin-ui

  #36103 commented on Jan 8, 2025 • 0 new comments

• Zero downtime upgrade of keycloak

  #14455 commented on Jan 8, 2025 • 0 new comments

• Introduce guide for metrics provided by Keycloak

  #36262 commented on Jan 8, 2025 • 0 new comments

• Add option to disable inactive users after n days.

  #10040 commented on Jan 8, 2025 • 0 new comments

• [OID4VCI] Limit Client capabilities to OpenID Connect or OpenID4VCI

  #32967 commented on Jan 8, 2025 • 0 new comments

• [OID4VCI] Approaching Credential Scope based API design

  #32961 commented on Jan 8, 2025 • 0 new comments

• Clustering IT instability

  #35341 commented on Jan 8, 2025 • 0 new comments

• Write a guide about starting the server as a systemd service

  #10357 commented on Jan 8, 2025 • 0 new comments

• Review Metrics Support

  #9036 commented on Jan 8, 2025 • 0 new comments

• "linked-accounts" endpoint displays all Identity providers

  #19732 commented on Jan 7, 2025 • 0 new comments

• FGAP v2 Implementation: Admin Permission Evaluation, Authorization Schema Expansion, and UI improvements - milestone 3

  #34918 commented on Jan 7, 2025 • 0 new comments

• [FGAP] [UI] Implement changes to the Permission tab to align with FGAP v2 requirements

  #35149 commented on Jan 7, 2025 • 0 new comments

• Check if preview features can be promoted and supported by default

  #16737 commented on Jan 7, 2025 • 0 new comments

• Stop using font icons for IdP logos

  #21548 commented on Jan 7, 2025 • 0 new comments

• [CORS] Allow Access-Control-Allow-Headers customization

  #12682 commented on Jan 13, 2025 • 0 new comments

• Package names for new tests

  #34859 commented on Jan 13, 2025 • 0 new comments

• LDAP groups not showing members in Groups when using memberOf attribute

  #33477 commented on Jan 13, 2025 • 0 new comments

• Users Page Stuck on Loading After Updating to Version 26.0.7 When User-Based Policies Are Configured

  #35990 commented on Jan 13, 2025 • 0 new comments

• IPv6 support: OLM tests not passing

  #34922 commented on Jan 13, 2025 • 0 new comments

• [FGAP] Design `AdminPermissionEvaluator` implementation for FGAP v2

  #34921 commented on Jan 13, 2025 • 0 new comments

• liveness probe /health/live not UP while DB migrations initialization

  #35261 commented on Jan 13, 2025 • 0 new comments

• Allow configuration for SMTP timeouts via configuration

  #14509 commented on Jan 13, 2025 • 0 new comments

• auth/admin/realms/{realm-name}/groups?briefRepresentation=false returns empty subgroups.

  #27694 commented on Jan 13, 2025 • 0 new comments

• 401 Unauthorized on "Manage Account" affer upgrade to version 26.0.7 from 25.0.0

  #35976 commented on Jan 13, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.saml.ArtifactBindingWithResolutionServiceTest#testReceiveArtifactLoginFullWithPost

  #34542 commented on Jan 13, 2025 • 0 new comments

• Data loss when using `dev-file` DB with H2 2.3.232

  #32785 commented on Jan 13, 2025 • 0 new comments

• Simplified encryption for JGroups communication

  #35577 commented on Jan 13, 2025 • 0 new comments

• User ID ignored during user creation using the REST API

  #12454 commented on Jan 13, 2025 • 0 new comments

• Map Federated LDAP 'nsAccountLock=true' to disable user

  #21502 commented on Jan 10, 2025 • 0 new comments

• "Content-type: application/json" should not be used for GET requests in Admin UI

  #36224 commented on Jan 10, 2025 • 0 new comments

• Grafana Dashboards

  #34651 commented on Jan 10, 2025 • 0 new comments

• Need username validator when importing from LDAP

  #32640 commented on Jan 10, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.cluster.GroupInvalidationClusterTest#crudWithoutFailover

  #35172 commented on Jan 10, 2025 • 0 new comments

• [FGAP] Allow authorization services REST endpoints recognize Authorization schema

  #35176 commented on Jan 10, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.broker.KcOidcBrokerTest#loginWithExistingUserWithBruteForceEnabled

  #36216 commented on Jan 10, 2025 • 0 new comments