2 Releases published by 1 person

• 26.3.0

  published Jul 2, 2025

• 26.3.1

  published Jul 9, 2025

262 Pull requests merged by 49 people

• [OID4VCI] Move realm attributes to clientScope and protocol-mappers

  #39768 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup (26.2)

  #41063 merged Jul 10, 2025

• fix: restricting lookup of existing resources to current owner

  #40985 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup (26.3)

  #41056 merged Jul 10, 2025

• Improve logging for client sessions load

  #41040 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup

  #41039 merged Jul 10, 2025

• Run clustering compatibility tests on release/x.y branches

  #40991 merged Jul 9, 2025

• Make UPDATE_EMAIL a supported feature

  #40273 merged Jul 9, 2025

• Generate a UUID to be the JTI instead of reusing the nonce.

  #40007 merged Jul 9, 2025

• Fix NPE when accessing group concurrently

  #41020 merged Jul 9, 2025

• Do not add steps if feature disabled in default flows Allow login if a step is disabled even the authenticator is not enabled by profile Closes #40954

  #41025 merged Jul 9, 2025

• Fix NPE when accessing group concurrently

  #41021 merged Jul 9, 2025

• [OID4VCI] : Update Credential Issuer Metadata Model for OID4VCI Draft-15

  #40749 merged Jul 9, 2025

• BUGFIX: session limit exceeded for both client & realm

  #38017 merged Jul 9, 2025

• Changing default passwordless webauthn policy to follow recommended values in the documentation

  #40820 merged Jul 9, 2025

• Set client in the session context for logout token encode

  #41004 merged Jul 9, 2025

• Do not add steps if feature disabled in default flows

  #40964 merged Jul 9, 2025

• Bump @types/node from 24.0.10 to 24.0.12 in /js

  #41016 merged Jul 9, 2025

• Fix NPE when accessing group concurrently

  #40940 merged Jul 8, 2025

• [OID4VCI]: Add a unique notification_id generation to OID4VCIssuerEndpoint used in CredentialResponse.

  #40229 merged Jul 8, 2025

• Rework floating promises to avoid concurrency side effects

  #40740 merged Jul 8, 2025

• Bump vite from 7.0.0 to 7.0.2 in /js

  #40953 merged Jul 8, 2025

• Bump i18next from 25.3.0 to 25.3.1 in /js

  #40950 merged Jul 8, 2025

• Bump rollup from 4.44.1 to 4.44.2 in /js

  #40951 merged Jul 8, 2025

• Bump react-hook-form from 7.59.0 to 7.60.0 in /js

  #40952 merged Jul 8, 2025

• Bump typescript-eslint from 8.35.1 to 8.36.0 in /js

  #40986 merged Jul 8, 2025

• Bump vite-plugin-checker from 0.9.3 to 0.10.0 in /js

  #40987 merged Jul 8, 2025

• Make passkeys feature dependent on web_authn

  #40976 merged Jul 8, 2025

• Update MAINTAINERS.md

  #40800 merged Jul 8, 2025

• 39546/remove kubernetes stack workarounds 26.2

  #40972 merged Jul 8, 2025

• Translations update from Hosted Weblate

  #40979 merged Jul 8, 2025

• Update documentation when no rolling update is performed

  #40974 merged Jul 8, 2025

• LDAP group mapper skips configured filter and imports all groups with…

  #40982 merged Jul 7, 2025

• Run clustering compatibility tests on release/x.y branches

  #40971 merged Jul 7, 2025

• UserSession Offline removed from DB if not in cache

  #40831 merged Jul 7, 2025

• Fix typo in consent scope

  #40787 merged Jul 7, 2025

• fix: streamlining the client scope update

  #40808 merged Jul 7, 2025

• Update documentation when no rolling update is performed

  #40963 merged Jul 7, 2025

• fix: correcting to use the X-Forwarded-Proto header

  #40905 merged Jul 7, 2025

• fix: correcting spi-theme options

  #40968 merged Jul 7, 2025

• fix: reducing memory footprint for cached entries

  #40807 merged Jul 7, 2025

• Use MgmtPermissionsV2 by default

  #40835 merged Jul 7, 2025

• fix: correcting spi-theme options

  #40966 merged Jul 7, 2025

• [OID4VCI] Remove interval property from Credential Offer

  #40412 merged Jul 7, 2025

• [OID4VCI] Always Return Array for Credential Responses

  #40409 merged Jul 7, 2025

• Provide CLI Parameters for jgroups.* options

  #40690 merged Jul 7, 2025

• Fix NPE when client is not set in context during token encoding

  #40936 merged Jul 7, 2025

• fix: detecting when we can set the serviceName (#40894)

  #40943 merged Jul 6, 2025

• Automatically connect to a writer instance of PostgreSQL

  #40384 merged Jul 4, 2025

• More secure call of Facebook debug token

  #40927 merged Jul 4, 2025

• Check cluster is correctly formed in ClusteredKeycloakServer

  #40859 merged Jul 4, 2025

• fix: detecting when we can set the serviceName

  #40894 merged Jul 4, 2025

• Fix: Inconsistent Results between /users and /users/count Endpoints

  #40265 merged Jul 3, 2025

• Remove myself from the Dutch language maintainers

  #40893 merged Jul 3, 2025

• Added new searchByAttributes function to UsersResource with the exact parameter

  #40168 merged Jul 3, 2025

• Allow host:port syntax for --debug in kc.sh

  #39924 merged Jul 3, 2025

• [26.3] Upgrade to Infinispan 15.0.16.Final

  #40869 merged Jul 3, 2025

• [26.2] Upgrade to Infinispan 15.0.16.Final

  #40871 merged Jul 3, 2025

• Verification of external OIDC token by introspection-endpoint. Adding…

  #40856 merged Jul 3, 2025

• [26.3.x] Unable to configure TLS reloading in Keycloak version 26.2.0 or later

  #40881 merged Jul 3, 2025

• Translations update from Hosted Weblate

  #40801 merged Jul 2, 2025

• Only include new fields for key generation if not useFile (26.3)

  #40868 merged Jul 2, 2025

• Upgrade to Infinispan 15.0.16.Final

  #40852 merged Jul 2, 2025

• fix: map just logging env wildcards to . (#40834)

  #40865 merged Jul 2, 2025

• [26.3.x] Mark options for additional datasources as preview

  #40840 merged Jul 2, 2025

• Only include new fields for key generation if not useFile

  #40863 merged Jul 2, 2025

• Bump @eslint/js from 9.30.0 to 9.30.1 in /js

  #40848 merged Jul 2, 2025

• Bump eslint from 9.30.0 to 9.30.1 in /js

  #40847 merged Jul 2, 2025

• Bump @faker-js/faker from 9.8.0 to 9.9.0 in /js

  #40846 merged Jul 2, 2025

• Bump @types/node from 24.0.8 to 24.0.10 in /js

  #40845 merged Jul 2, 2025

• Bump typescript-eslint from 8.35.0 to 8.35.1 in /js

  #40816 merged Jul 2, 2025

• Mark options for additional datasources as preview

  #40839 merged Jul 2, 2025

• consolidating profile logic and moving reaug related logic

  #38514 merged Jul 2, 2025

• fix: map just logging env wildcards to .

  #40834 merged Jul 2, 2025

• Bump i18next from 25.2.1 to 25.3.0 in /js

  #40815 merged Jul 1, 2025

• Bump @types/dagre from 0.7.52 to 0.7.53 in /js

  #40814 merged Jul 1, 2025

• Bump @types/node from 24.0.4 to 24.0.8 in /js

  #40813 merged Jul 1, 2025

• Bump tar-fs from 3.0.10 to 3.1.0 in /js

  #40812 merged Jul 1, 2025

• Bump @playwright/test from 1.53.1 to 1.53.2 in /js

  #40810 merged Jul 1, 2025

• Bump eslint from 9.29.0 to 9.30.0 in /js

  #40780 merged Jul 1, 2025

• [26.2.x] Unable to configure TLS reloading in Keycloak version 26.2.0 or later

  #40819 merged Jul 1, 2025

• test: Provide test cases for datasources ENV vars handling

  #40760 merged Jul 1, 2025

• Add missing javadocs to published artifacts to allow Maven Central Portal Publisher pass validation process.

  #40830 merged Jul 1, 2025

• Verification of external GitHub token via "check token" endpoint

  #40742 merged Jul 1, 2025

• Use POST binding for logout when REDIRECT url is not set and forced POST (26.2)

  #40824 merged Jul 1, 2025

• Improve javadoc for admin-client methods with injecting own resteasyC…

  #40803 merged Jul 1, 2025

• Updating upgrading guide about changes in user-profile-commons.ftl template

  #40828 merged Jul 1, 2025

• Add missing artifact descriptions to allow Maven Portal Publisher Validation pass.

  #40822 merged Jul 1, 2025

• fix: reducing memory footprint for cached entries

  #40806 merged Jun 30, 2025

• fix: reducing memory footprint

  #40804 merged Jun 30, 2025

• Updating upgrading guide about changes in user-profile-commons.ftl template

  #40794 merged Jun 30, 2025

• Add Xata to ADOPTERS.md

  #40802 merged Jun 30, 2025

• Unable to configure TLS reloading in Keycloak version 26.2.0 or later

  #40790 merged Jun 30, 2025

• [26.2.x] Update docs regarding to use statefulset and not a deployment

  #40797 merged Jun 30, 2025

• fix: adding logic to isolate realm migration processing

  #39377 merged Jun 30, 2025

• update docs regarding to use statefulset and not a deployment

  #40759 merged Jun 30, 2025

• Bump rollup from 4.44.0 to 4.44.1 in /js

  #40746 merged Jun 30, 2025

• Bump @eslint/js from 9.29.0 to 9.30.0 in /js

  #40778 merged Jun 30, 2025

• Bump react-hook-form from 7.58.1 to 7.59.0 in /js

  #40779 merged Jun 30, 2025

• Bump prettier from 3.6.0 to 3.6.2 in /js

  #40781 merged Jun 30, 2025

• Use POST binding for logout when REDIRECT url is not set and forced POST

  #40757 merged Jun 30, 2025

• Added missing translations for greek translation in the login page

  #40664 merged Jun 29, 2025

• Translations update from Hosted Weblate

  #40774 merged Jun 29, 2025

• Adjusted the comparisons for PersistentClientSessionEntity

  #40737 merged Jun 28, 2025

• Translations update from Hosted Weblate

  #40771 merged Jun 28, 2025

• make abstract class AbstractUserRoleMappingMapper public

  #40766 merged Jun 28, 2025

• Do not show update email link if the email attribute is not writable

  #40721 merged Jun 28, 2025

• fix: switching to the registry addon for olm testing (#40334) (#40349)

  #40769 merged Jun 28, 2025

• Disable email verification when email manually changed by idp review

  #40750 merged Jun 27, 2025

• Fixing how translatable fields are set and ignoring formatting for root user attributes

  #40724 merged Jun 27, 2025

• Documentation changes for Passkeys

  #40728 merged Jun 27, 2025

• Translations update from Hosted Weblate

  #40745 merged Jun 27, 2025

• Move section in the upgrading guide

  #40735 merged Jun 27, 2025

• Support all i18n keys for messages_ru.properties

  #40417 merged Jun 27, 2025

• Bump @eslint/compat from 1.3.0 to 1.3.1 in /js

  #40727 merged Jun 26, 2025

• Bump eslint-plugin-prettier from 5.5.0 to 5.5.1 in /js

  #40725 merged Jun 26, 2025

• Windows fixes for 26.0 branch (26.0)

  #40743 merged Jun 26, 2025

• Make rolling-updates-v2 preview feature

  #40732 merged Jun 26, 2025

• Access Token IDs have less than 128 bits of entropy

  #40287 merged Jun 26, 2025

• Set a unique fragment key to please React

  #40599 merged Jun 26, 2025

• Disable email verification when email manually changed by idp review (26.2)

  #40733 merged Jun 26, 2025

• Verification of external facebook token via "debug token" endpoint

  #40720 merged Jun 26, 2025

• [Test framework] ImpersonationTest migration

  #39324 merged Jun 26, 2025

• Translations update from Hosted Weblate

  #40642 merged Jun 26, 2025

• Adjusted the comparisons

  #40676 merged Jun 26, 2025

• fix: refinements for ipv6 only testing

  #40723 merged Jun 26, 2025

• Resolve resources with same URI if the permission request is based on URI matching

  #40698 merged Jun 26, 2025

• Integrate passkeys with the organization authenticator

  #40714 merged Jun 26, 2025

• Allow passkeys login when user has no password credential

  #40719 merged Jun 26, 2025

• Forward LOGIN_HINT of authentication session with identity-provider-r…

  #36943 merged Jun 26, 2025

• shows what patching logic should look like

  #40450 merged Jun 25, 2025

• Missing Quarkus flag for Syslog counting framing

  #40621 merged Jun 25, 2025

• fix: refining breaking behavior

  #40697 merged Jun 25, 2025

• quarkus-next: update Quarkus snapshots url

  #40716 merged Jun 25, 2025

• Bump vite from 6.3.5 to 7.0.0 in /js

  #40700 merged Jun 25, 2025

• Bump @types/node from 24.0.3 to 24.0.4 in /js

  #40699 merged Jun 25, 2025

• Bump mocha from 11.7.0 to 11.7.1 in /js

  #40701 merged Jun 25, 2025

• Revert changes from #40497

  #40715 merged Jun 25, 2025

• Create clustering test cases for OIDC flows

  #40623 merged Jun 25, 2025

• Bump rollup from 4.43.0 to 4.44.0 in /js

  #40627 merged Jun 25, 2025

• Bump react-hook-form from 7.57.0 to 7.58.1 in /js

  #40570 merged Jun 25, 2025

• Update javadoc of java admin-client for Keycloak 26.3

  #40710 merged Jun 25, 2025

• [26.2.x] Use updated PostgresDatabase from Liquibase 4.32.0

  #40686 merged Jun 25, 2025

• Integrate passkeys with separate username and password forms

  #40371 merged Jun 25, 2025

• Disable email verification when email manually changed by idp review.

  #40520 merged Jun 25, 2025

• Key generation for client authentication is always RSA 2048 with a 10-year validity, regardless of the selected algorithm

  #40428 merged Jun 25, 2025

• Bump eslint-plugin-prettier from 5.4.1 to 5.5.0 in /js

  #40569 merged Jun 24, 2025

• Bump prettier from 3.5.3 to 3.6.0 in /js

  #40673 merged Jun 24, 2025

• Bump typescript-eslint from 8.34.1 to 8.35.0 in /js

  #40672 merged Jun 24, 2025

• Bump @playwright/test from 1.53.0 to 1.53.1 in /js

  #40608 merged Jun 24, 2025

• Bump mocha from 11.6.0 to 11.7.0 in /js

  #40607 merged Jun 24, 2025

• Bump @dagrejs/dagre from 1.1.4 to 1.1.5 in /js

  #40571 merged Jun 24, 2025

• Bump vitest from 3.2.3 to 3.2.4 in /js

  #40568 merged Jun 24, 2025

• Deprecate the original Passkeys Conditional UI Authenticator

  #40674 merged Jun 24, 2025

• Use updated PostgresDatabase from Liquibase 4.32.0

  #40530 merged Jun 24, 2025

• fix: correcting additional legacy scope usage

  #40644 merged Jun 24, 2025

• Issue with Handling Negative Values in Certain Fields of Brute Force Detection

  #40538 merged Jun 24, 2025

• Fix: Removed conditional check preventing use of custom attribute names

  #40653 merged Jun 24, 2025

• Fix and enable account-ui tests

  #40671 merged Jun 24, 2025

• Bump @types/node from 24.0.1 to 24.0.3 in /js

  #40540 merged Jun 23, 2025

• Bump typescript-eslint from 8.34.0 to 8.34.1 in /js

  #40541 merged Jun 23, 2025

• Bump tar-fs from 3.0.9 to 3.0.10 in /js

  #40539 merged Jun 23, 2025

• Bump eslint from 9.28.0 to 9.29.0 in /js

  #40504 merged Jun 23, 2025

• Bump @eslint/js from 9.28.0 to 9.29.0 in /js

  #40503 merged Jun 23, 2025

• Bump lint-staged from 16.1.0 to 16.1.2 in /js

  #40502 merged Jun 23, 2025

• Bump react-i18next from 15.5.2 to 15.5.3 in /js

  #40467 merged Jun 23, 2025

• [26.2] Cache configuration backports

  #40636 merged Jun 20, 2025

• Update documentation about volatile sessions

  #40640 merged Jun 20, 2025

• Clarify OpenShift instructions

  #40488 merged Jun 20, 2025

• [docs] fix spelling error Update hostname.adoc

  #40638 merged Jun 20, 2025

• Translations update from Hosted Weblate

  #40626 merged Jun 20, 2025

• Use offline time calculations when transient created from offline

  #40624 merged Jun 20, 2025

• Applying escaping of theme contents

  #40597 merged Jun 19, 2025

• Use offline time calculations when transient created from offline

  #40615 merged Jun 19, 2025

• Allowing all maintainers to approve UI changes

  #40612 merged Jun 19, 2025

• Copy restored maven repo to home folder in Windows

  #40595 merged Jun 19, 2025

• [26.2.x] Additional Quarkus devtools dependencies in distribution

  #40610 merged Jun 19, 2025

• Additional Quarkus devtools dependencies in distribution

  #40458 merged Jun 19, 2025

• Making DefaultLazyLoader thread safe

  #40532 merged Jun 18, 2025

• Allowing all maintainers to approve UI changes

  #40577 merged Jun 18, 2025

• [26.2.x] Make UPDATE_TIME unique for MIGRATION_MODEL table

  #40590 merged Jun 18, 2025

• Make UPDATE_TIME unique for MIGRATION_MODEL table

  #40098 merged Jun 18, 2025

• Bump @rollup/plugin-commonjs from 28.0.3 to 28.0.6 in /js

  #40572 merged Jun 18, 2025

• Extend upgrading guide for OTP device has a unique label

  #40482 merged Jun 18, 2025

• Change to useRealm all the policies tabs

  #40286 merged Jun 18, 2025

• Parse long issue reference variant from body

  #40575 merged Jun 18, 2025

• Removing the Windows optimization as it is currently unstable

  #40588 merged Jun 18, 2025

• Removing the Windows optimization as it is currently unstable

  #40584 merged Jun 18, 2025

• chore(i18n): Update Polish lang in email and account theme

  #40581 merged Jun 18, 2025

• Preserve query parameters when redirecting requests

  #40490 merged Jun 18, 2025

• Reworking the release notes for the upcoming release

  #40549 merged Jun 18, 2025

• chore(i18n): Sync Polish translation with English

  #40567 merged Jun 18, 2025

• fix: prevent multiple init when dependsOn is used

  #40550 merged Jun 18, 2025

• docs(caching): clarified wording for the jgroups fd port offset

  #40565 merged Jun 18, 2025

• Mark user as disabled if reaching max login failures and permanent lockout is enabled

  #40560 merged Jun 18, 2025

• Clarify FIPS instructions

  #40562 merged Jun 18, 2025

• Translations update from Hosted Weblate

  #40536 merged Jun 18, 2025

• Invalidate user cache entries when email or username are different from storage

  #40256 merged Jun 17, 2025

• Update command for linking Maven repository on Windows

  #40554 merged Jun 17, 2025

• Fix message format parsing when linking accounts

  #40492 merged Jun 17, 2025

• Use computer language for createTimeout integer value

  #40544 merged Jun 17, 2025

• Fix markdown output by adding closing brackets

  #40367 merged Jun 17, 2025

• Parse long issue reference variant from body

  #40366 merged Jun 17, 2025

• Upgrade webauth4j to current release 0.29.3

  #40522 merged Jun 17, 2025

• add labels and annotations to service (httpSpec)

  #39925 merged Jun 17, 2025

• fix: prevent multiple init when dependsOn is used

  #40537 merged Jun 17, 2025

• Disabling persistent sessions affects also offline session cache

  #40484 merged Jun 17, 2025

• Clarify FIPS instructions

  #40534 merged Jun 17, 2025

• Update command for linking Maven repository on Windows

  #40529 merged Jun 17, 2025

• Translations update from Hosted Weblate

  #40449 merged Jun 16, 2025

• Bump github/codeql-action from 3.28.19 to 3.29.0

  #40432 merged Jun 16, 2025

• Avoid calling the underlying user storage multiple times when lazily loading model attributes

  #40418 merged Jun 16, 2025

• Add briefRepresentation to get organizations from user

  #40435 merged Jun 16, 2025

• kyrgyz language support

  #40473 merged Jun 16, 2025

• Load new locale before showing the alert

  #40495 merged Jun 16, 2025

• Update flows.adoc

  #40491 merged Jun 16, 2025

• fix: removing lifecylce in initContainers

  #40455 merged Jun 16, 2025

• 39429/OfflineSessionPersistenceTest testPersistenceMultipleNodesClientSessionsAtRandomNode

  #40459 merged Jun 16, 2025

• fix(i18n): add missing comma before 'a' in Polish password reset message

  #40471 merged Jun 13, 2025

• Fix link to client-registration in docs

  #40486 merged Jun 13, 2025

• Fix link to client-registration in docs

  #40462 merged Jun 13, 2025

• Add clustering tests to new test framework

  #40283 merged Jun 13, 2025

• support setting periodSeconds and failureThreashold in the Keyclock CR

  #40117 merged Jun 13, 2025

• fix: adding a -- separator for spi options

  #40005 merged Jun 13, 2025

• longer retries to increase stability

  #40378 merged Jun 13, 2025

• fix: adding a mapping directly from an env property to a wildcard

  #39602 merged Jun 13, 2025

• Bump rollup from 4.42.0 to 4.43.0 in /js

  #40429 merged Jun 12, 2025

• Bump @vitejs/plugin-react-swc from 3.10.1 to 3.10.2 in /js

  #40392 merged Jun 12, 2025

• Highlight all types of features in the admin console

  #40425 merged Jun 12, 2025

• Bump @playwright/test from 1.52.0 to 1.53.0 in /js

  #40393 merged Jun 12, 2025

• Bump @eslint/compat from 1.2.9 to 1.3.0 in /js

  #40430 merged Jun 12, 2025

• Bump @types/node from 24.0.0 to 24.0.1 in /js

  #40431 merged Jun 12, 2025

• Remove duplicate definition of WebAuthnErrorPage in AbstractWebAuthnAccountTest

  #40452 merged Jun 12, 2025

• Implemented validation to ensure each OTP device has a unique label

  #38657 merged Jun 12, 2025

• Add templates for release notes and migration guide

  #40442 merged Jun 12, 2025

• Add link to OIDC discovery specification to the docs.

  #40443 merged Jun 12, 2025

• Add tests for webauthn configuration AvoidSameAuthenticatorRegister

  #40437 merged Jun 12, 2025

• Remove obsolete information from the Keycloak deployment

  #40415 merged Jun 12, 2025

• Re-sort the release notes and upgrading guide

  #40424 merged Jun 12, 2025

• Documentation changes for the 2FA additions

  #40411 merged Jun 12, 2025

• Translations update from Hosted Weblate

  #40433 merged Jun 12, 2025

• Bump vitest from 3.2.2 to 3.2.3 in /js

  #40359 merged Jun 11, 2025

• Create a transient client session if the RPT is originating from a client session that does not exist in the user session

  #40414 merged Jun 11, 2025

• Update links to OAuth 2.1 draft spec and change link from BCP to RFC9700

  #40421 merged Jun 11, 2025

• [26.2] MigrationModel duplicate entry

  #40404 merged Jun 11, 2025

• fix: enabling property mapping during validation

  #40103 merged Jun 11, 2025

• Set window size instead of maximize because it fails in chrome 137 (26.2)

  #40416 merged Jun 11, 2025

• Validate client scopes registration policy configuration

  #40254 merged Jun 11, 2025

• Translations update from Hosted Weblate

  #40331 merged Jun 11, 2025

• Remove obsolete information from the Keycloak deployment

  #40376 merged Jun 11, 2025

• Set window size instead of maximize because it fails in chrome 137

  #40410 merged Jun 11, 2025

• Bump manusa/actions-setup-minikube from 2.13.1 to 2.14.0

  #39346 merged Jun 11, 2025

• Redirect requests from outdated theme version to the current theme version

  #39725 merged Jun 11, 2025

• MigrationModel duplicate entry

  #39994 merged Jun 11, 2025

• fix: being more flexible with the minikube ip

  #40379 merged Jun 11, 2025

• Fix missing background color for dropdown panels in keycloak.v2 theme

  #40382 merged Jun 11, 2025

• Bump @types/node from 22.15.26 to 24.0.0 in /js

  #40394 merged Jun 11, 2025

• Bump simple-git from 3.27.0 to 3.28.0 in /js

  #40338 merged Jun 10, 2025

• Bump rollup from 4.41.1 to 4.42.0 in /js

  #40337 merged Jun 10, 2025

• Bump eslint-plugin-prettier from 5.4.0 to 5.4.1 in /js

  #40123 merged Jun 10, 2025

• Password modification time attribute as an operational and read-only attribute

  #40280 merged Jun 10, 2025

• Pin Snyk action to latest commit hash

  #40381 merged Jun 10, 2025

61 Pull requests opened by 35 people

• use user and client from form when on the events section (#35098)

  #40389 opened Jun 10, 2025

• Fix invalid OpenAPI specifications

  #40401 opened Jun 11, 2025

• Ease implementation of custom AccountConsole extensions (#40464)

  #40465 opened Jun 12, 2025

• initial version of Modal Client select

  #40475 opened Jun 13, 2025

• Fix for "Account UI ignores identity provider display order"

  #40493 opened Jun 14, 2025

• Make organization `domains` optional

  #40508 opened Jun 16, 2025

• Manage Organization Invites

  #40526 opened Jun 16, 2025

• removed unreachable corsResponse calls

  #40552 opened Jun 17, 2025

• Add test related to creating group with sample attributes

  #40558 opened Jun 17, 2025

• Manage Organization Roles

  #40586 opened Jun 18, 2025

• set auto-mount service account token to false in keycloak pods

  #40605 opened Jun 18, 2025

• Allow editing the protocol mapper name

  #40618 opened Jun 19, 2025

• Show required fields when configuring protocol mappers

  #40620 opened Jun 19, 2025

• fix(organizations): display unlinked idp on unknown user matching email domain

  #40651 opened Jun 21, 2025

• added a non-null check to check whether the to be exported realm exists

  #40655 opened Jun 22, 2025

• Fixed the IDs comparison logic

  #40667 opened Jun 23, 2025

• Removed redundant null checks

  #40679 opened Jun 24, 2025

• Replace keySet with entrySet.

  #40685 opened Jun 24, 2025

• Fix wrong dependent registering in Registry

  #40691 opened Jun 24, 2025

• [OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint

  #40751 opened Jun 27, 2025

• Implement a new impersonation flow that uses action tokens

  #40767 opened Jun 27, 2025

• Fallback to display text consent scopes

  #40789 opened Jun 30, 2025

• Improve realm search by name (#40793)

  #40795 opened Jun 30, 2025

• Bump github/codeql-action from 3.29.0 to 3.29.2

  #40811 opened Jul 1, 2025

• Adjust comment for Property mapper transformation

  #40829 opened Jul 1, 2025

• Upgrade to the Quarkus 3.24.2 version

  #40867 opened Jul 2, 2025

• task: better document property mapping

  #40873 opened Jul 2, 2025

• Bump snyk/actions from cdb760004ba9ea4d525f2e043745dfe85bb9077e to 28606799782bc8e809f4076e9f8293bc4212d05e

  #40876 opened Jul 3, 2025

• implementing json patch

  #40904 opened Jul 3, 2025

• fix: further refining logic and docs around import/export

  #40906 opened Jul 3, 2025

• Bump react-i18next from 15.5.3 to 15.6.0 in /js

  #40909 opened Jul 4, 2025

• Add Selective Consent for clients

  #40922 opened Jul 4, 2025

• Allow configure encryption details for SAML clients

  #40937 opened Jul 4, 2025

• Remove FGAP:v1 from external-internal token exchange

  #40938 opened Jul 4, 2025

• Change error to 400 for unknown user

  #40939 opened Jul 4, 2025

• Update Traditional Chinese locale to latest version

  #40941 opened Jul 5, 2025

• Bump aquasecurity/trivy-action from 0.31.0 to 0.32.0

  #40949 opened Jul 7, 2025

• Forward isMemberOf call to the next delegate if the group is not mana…

  #40969 opened Jul 7, 2025

• Remove workaround for handling Syslog counting framing

  #40989 opened Jul 8, 2025

• Improve handling of enum types for Keycloak options

  #40994 opened Jul 8, 2025

• Fix #40995 avoid ModelException: At least one condition should be pr…

  #40996 opened Jul 8, 2025

• Default jdbc-ping cluster setup for distributed caches fails in Oracle

  #40999 opened Jul 8, 2025

• [OID4VCI] Add support for credential_response_encryption in credential request

  #41001 opened Jul 8, 2025

• fix: using defaults when mapFrom is null

  #41005 opened Jul 8, 2025

• Custom user profile providers should use the factory ID

  #41012 opened Jul 8, 2025

• Adding a config to the UPDATE_EMAIL action to force users to verify email

  #41013 opened Jul 8, 2025

• Bump chai from 5.2.0 to 5.2.1 in /js

  #41015 opened Jul 9, 2025

• Translations update from Hosted Weblate

  #41017 opened Jul 9, 2025

• Expose tokens expiresIn in KeycloakAdminClient

  #41024 opened Jul 9, 2025

• Wildcard mappers should be implicitly handled and value propagated

  #41026 opened Jul 9, 2025

• Allow Features to declare that they support Rolling upgrades

  #41027 opened Jul 9, 2025

• Mark user session for removal when the user bound to cannot be resolved

  #41042 opened Jul 9, 2025

• Update email feature only enabled if the required action is enabled at the realm

  #41046 opened Jul 9, 2025

• Bump i18next from 25.3.1 to 25.3.2 in /js

  #41047 opened Jul 10, 2025

• Increase timeout when publishing to Maven Central

  #41051 opened Jul 10, 2025

• saml-idp: Draft support for extended SAML identity provider configuration in Admin Console

  #41053 opened Jul 10, 2025

• Add option 'Requires short state parameter' to OIDC IDP

  #41059 opened Jul 10, 2025

• [26.2] Improve logging for client sessions load

  #41066 opened Jul 10, 2025

• [26.3] Improve logging for client sessions load

  #41067 opened Jul 10, 2025

• Add pagination to user idp links.

  #41068 opened Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup (26.0)

  #41069 opened Jul 10, 2025

226 Issues closed by 28 people

• Group permission denies to view user

  #40965 closed Jul 10, 2025

• [OID4VCI] Return vc-credential-scopes in AccessToken-scope

  #39530 closed Jul 10, 2025

• [OID4VCI] Adjust ClientScope validation to ClientScope attributes

  #39529 closed Jul 10, 2025

• [OID4VCI] Update the claims structure in credential issuer metadata across credential format profiles

  #39289 closed Jul 10, 2025

• [OID4VCI] Deprecate support for retrieving credential by `format` or `claims` at the Credential Endpoint

  #39282 closed Jul 10, 2025

• [OID4VCI] use credential_configuration_id on credential-request if scope was used

  #39309 closed Jul 10, 2025

• [OID4VCI] Move vc-attributes from realm to ClientScopes

  #39528 closed Jul 10, 2025

• [Operator] UpdateTest.testImageChange throws TimeoutException

  #40932 closed Jul 10, 2025

• Improve logging for client sessions load

  #41034 closed Jul 10, 2025

• Apache Reverse Proxy Setup

  #41062 closed Jul 10, 2025

• [Keycloak CI] - Quarkus IT - MetricsDistTest

  #40888 closed Jul 10, 2025

• FIPS errors in CI

  #41038 closed Jul 10, 2025

• Console incorrectly refers to MAC algorithms as "Signature algorithm"

  #38664 closed Jul 10, 2025

• FIPS-enabled container Kerberos authentication fails because of user salt length requirements

  #38840 closed Jul 10, 2025

• Keycloak call taking more than 30 Sec

  #40703 closed Jul 9, 2025

• UserSessionModel.removeAuthenticatedClientSessions() does not consistently replicate changes across cluster nodes

  #40998 closed Jul 9, 2025

• Make UPDATE_EMAIL a supported feature

  #40227 closed Jul 9, 2025

• Action Tokens Copy Nonce Into JTI

  #40160 closed Jul 9, 2025

• Keycloak 26.3.0 Performance Degradation (Installed with Operator)

  #40946 closed Jul 9, 2025

• [OID4VCI] Clean up and update the Credential Issuer Metadata model

  #39290 closed Jul 9, 2025

• User session limit exceeded for both realm and client removes the wrong session

  #38016 closed Jul 9, 2025

• Changing default passwordless webauthn policy to follow recommended values in the documentation

  #40792 closed Jul 9, 2025

• Backchannel logout token with an unexpected signature algorithm key

  #40984 closed Jul 9, 2025

• Keycloak 26.3.0 Regression: Failed to login if web-authn is disabled

  #40954 closed Jul 9, 2025

• User serach with first/last name from keycklock consol with multiple words in giving no record

  #38736 closed Jul 9, 2025

• NPE during loading user groups with concurrent deletion

  #40368 closed Jul 8, 2025

• [OID4VCI] Consider returning a `notification_id` in credential responses to support issuance flows that can contain more than one credential

  #39284 closed Jul 8, 2025

• Avoid floating promises in UI code

  #40739 closed Jul 8, 2025

• keycloack-0 pod goes CrashLoopBackOff, I deploy Keycloack with the yaml file provided by keycloacl.org site

  #40752 closed Jul 8, 2025

• Memory leak when updating LDAP federated user (join groups / update attributes)

  #38477 closed Jul 8, 2025

• Make passkeys feature dependent on web_authn

  #40975 closed Jul 8, 2025

• Run clustering compatibility tests on release/x.y branches

  #40970 closed Jul 7, 2025

• UserSession Offline removed from DB if not in cache

  #40754 closed Jul 7, 2025

• Typo in Consent Scope Representation

  #40786 closed Jul 7, 2025

• Optimize createClients on realm import

  #40805 closed Jul 7, 2025

• Update limitations of the preview feature rolling updates for patch releases

  #40962 closed Jul 7, 2025

• Proxy detection needs tweaked for insecure context warning

  #40903 closed Jul 7, 2025

• REST Admin API - ClientsResource response with 200 OK even needed roles are missing

  #40192 closed Jul 7, 2025

• Run tests as part of Keycloak CI in main but make sure a failure does not block PR merging

  #39966 closed Jul 7, 2025

• Improve ec2 transport stack documentation

  #39226 closed Jul 7, 2025

• Docs: server_development/topics/themes.adoc

  #40930 closed Jul 7, 2025

• [OID4VCI] Remove reference to an interval property in Credential Offer payloads

  #39294 closed Jul 7, 2025

• [OID4VCI] Update credential response (even if deferred) to always return an array when not returning a `transaction_id`

  #39283 closed Jul 7, 2025

• Provide CLI Parameters for jgroups.* options

  #40481 closed Jul 7, 2025

• NPE thrown when encoding a token without having a client set in the session

  #40935 closed Jul 7, 2025

• Keycloak Version 25.0.4 Importing Clients via Json sets the Access Token Lifespan to 0 if the Realm setting was changed from the default.

  #36092 closed Jul 7, 2025

• SearchQueryUtils.getFields(searchQuery) does not allow \ in query

  #37281 closed Jul 7, 2025

• OrganizationProvider.getMembersCount ignores federated members

  #38474 closed Jul 7, 2025

• null username for federated records

  #38495 closed Jul 7, 2025

• Migrating from keycloak 15 to keycloak 20.0.1

  #16074 closed Jul 7, 2025

• Quarkus profile behaviour changed between v25 and v26

  #40925 closed Jul 5, 2025

• KC should connect to a writer instance of PostgreSQL automatically

  #40383 closed Jul 4, 2025

• Session Lost on Page Refresh in SPA For Keycloak v26.1.0

  #40854 closed Jul 4, 2025

• More secure call of Facebook debug token

  #40926 closed Jul 4, 2025

• Check cluster is correctly formed in ClusteredKeycloakServer

  #40858 closed Jul 4, 2025

• Keycloak Operator 26.3.0 fails to update to 26.3.0

  #40890 closed Jul 4, 2025

• Consistent behaviour for User API getUsers and count

  #38556 closed Jul 3, 2025

• Exact match in users/count

  #29295 closed Jul 3, 2025

• Users searchAttributes broken for empty value

  #39609 closed Jul 3, 2025

• `--debug` does not work with docker container version of Keycloak

  #38924 closed Jul 3, 2025

• Consider creating `ExternalToInternalTokenExchangeTest` for external to internal token exchange v2

  #40198 closed Jul 3, 2025

• Verification of external OIDC token by introspection-endpoint

  #40167 closed Jul 3, 2025

• Upgrade to Infinispan 15.0.16.Final

  #40851 closed Jul 2, 2025

• Size and validation options in SAML import

  #40860 closed Jul 2, 2025

• keycloak apache2 setup on Oracle Linux

  #40836 closed Jul 2, 2025

• Reverse proxy setup cookie issue

  #40861 closed Jul 2, 2025

• Mark options for additional datasources as preview

  #40838 closed Jul 2, 2025

• Consolidate profile logic

  #38581 closed Jul 2, 2025

• Change database wildcards to default to - instead of .

  #40833 closed Jul 2, 2025

• Organization Identity-First Login authenticator missing localization

  #38412 closed Jul 2, 2025

• Verification of external github token by github "check token" endpoint

  #40164 closed Jul 1, 2025

• Improve javadoc for admin-client methods with injecting own resteasyClient

  #40231 closed Jul 1, 2025

• Client Service Account User doesn't have direct or inherited attributes mapped in access token

  #40102 closed Jul 1, 2025

• Breaking template change: Unknown `locale` input field added to user-profile registration page

  #39562 closed Jul 1, 2025

• Appdev Realm broken

  #40355 closed Jul 1, 2025

• PassKey + Jackson version confict

  #40397 closed Jul 1, 2025

• Importing a realm takes more than 1 minute when multiple others exist.

  #35932 closed Jun 30, 2025

• FacadeClassLoader failing on quarkus-next workflow

  #40516 closed Jun 30, 2025

• Unable to configure TLS reloading in Keycloak version 26.2.0 or later

  #40713 closed Jun 30, 2025

• Improve migration performance

  #38649 closed Jun 30, 2025

• Migration progress missing

  #33978 closed Jun 30, 2025

• Emphasize using StatefulSet instead of Deployment

  #40090 closed Jun 30, 2025

• Support synchronization of OpenLDAP groups with the same cn but different parent OUs

  #40738 closed Jun 30, 2025

• Front logout channel broken in 26.2.5 for saml

  #40637 closed Jun 30, 2025

• Can't impersonate a user cross-realm?

  #38184 closed Jun 30, 2025

• Deadlocks on table OFFLINE_USER_SESSION / OFFLINE_CLIENT_SESSION with Keycloak 26.1.3

  #37864 closed Jun 30, 2025

• Translation key missing from Greek translations.

  #40632 closed Jun 29, 2025

• Make abstract class AbstractUserRoleMappingMapper public

  #40765 closed Jun 28, 2025

• Hide update email link in account console when email is read-only in user profile

  #39669 closed Jun 28, 2025

• 使用 Keycloak Operator 26.2.5 创建 CR ，自动创建的 NGINX ingress 服务名问题

  #40476 closed Jun 27, 2025

• Creating a user profile attribute "displayName" does not work as expected.

  #40497 closed Jun 27, 2025

• Documentation for passkeys for 26.3.0

  #40705 closed Jun 27, 2025

• Support all i18n keys for messages_ru.properties

  #40336 closed Jun 27, 2025

• Upgrade command rolling updates for patch releases / step 2: preview

  #38883 closed Jun 26, 2025

• Access Token IDs have less than 128 bits of entropy

  #38663 closed Jun 26, 2025

• Account console reports duplicate keys in development mode

  #40598 closed Jun 26, 2025

• SAML client Encryption keys: Import Java keystore returns Invalid keystore format

  #40499 closed Jun 26, 2025

• Verification of external facebook token by facebook "debug token" endpoint

  #40163 closed Jun 26, 2025

• Cannot register passkey as first 2FA credential.

  #39770 closed Jun 26, 2025

• Potential copy-paste issue in PersistentClientSessionEntity.java

  #40663 closed Jun 26, 2025

• Support IPv6 only environments

  #21277 closed Jun 26, 2025

• Multiple resources that match same URI with different scope cause inconsistent authorization response

  #40695 closed Jun 26, 2025

• Passkeys conditional UI: integration with the organization authenticator

  #40022 closed Jun 26, 2025

• Allow passkeys login when user has no password credential

  #40717 closed Jun 26, 2025

• "identity-provider-redirector" does not forward LOGIN_HINT of authentication session

  #36396 closed Jun 26, 2025

• Missing Quarkus flag for syslog logging

  #39893 closed Jun 25, 2025

• quarkus-next: update Quarkus snapshots url

  #40694 closed Jun 25, 2025

• Existing Organization Mapper in default Client Scope not in JWT in 26.2.5

  #40670 closed Jun 25, 2025

• Create test cases for admin UI

  #39968 closed Jun 25, 2025

• Create test cases for OIDC flows

  #39965 closed Jun 25, 2025

• Admin Console stuck in Loading following Kubernetes example

  #40113 closed Jun 25, 2025

• Update javadoc of java admin-client for Keycloak 26.3

  #40709 closed Jun 25, 2025

• Static Resources return 404 due to divergent startup hashes in Multi-Pod Deployment

  #40678 closed Jun 25, 2025

• Passkeys conditional UI: integration with independent username and password form

  #40021 closed Jun 25, 2025

• Review Profile makes users prone to phishing attacks

  #40446 closed Jun 25, 2025

• Key generation for client authentication is always RSA 2048 with a 10-year validity, regardless of the selected algorithm

  #38620 closed Jun 25, 2025

• Token exchange. Internal -> External fails(not_linked) even though account is linked

  #37193 closed Jun 25, 2025

• Querying users of a realm role does not return users that have transitive membership / membership via inheritance

  #37209 closed Jun 25, 2025

• Keycloak shows Attribute instead of username on Login Form

  #37937 closed Jun 25, 2025

• Deprecate or remove the current conditionalUI authenticator

  #40033 closed Jun 24, 2025

• Bootstrap admin account does not work

  #40688 closed Jun 24, 2025

• Liquibase update failed from KC 26.1 to KC 26.2 with PostgreSQL JDBC driver 42.7.5

  #39917 closed Jun 24, 2025

• Issue with Handling Negative Values in Certain Fields of Brute Force Detection

  #40353 closed Jun 24, 2025

• JGroups channel not starting in dns-ping stack even after configuring KC_CACHE_STACK as kubernetes

  #40372 closed Jun 24, 2025

• keycloak-core:26.1.5 references SystemPropertiesJsonParserFactory but keycloak-util is no longer published

  #40682 closed Jun 24, 2025

• keycloak-core 26.1.5 has stale internal references of SystemPropertiesJsonParserFactory

  #40681 closed Jun 24, 2025

• Account UI goBack link doesn't render when referrer query string is set

  #40303 closed Jun 24, 2025

• Group name input allows XSS via script tags in Keycloak 26.2.4

  #40350 closed Jun 24, 2025

• Disconnection issue when using O365 as IDP and multiple microsoft accounts

  #39952 closed Jun 24, 2025

• Account UI e2e tests do not run in CI

  #40498 closed Jun 24, 2025

• Reading secret from file vault not working

  #40652 closed Jun 23, 2025

• Keycloak returns incorrect `acr` claim value after `CONFIGURE_TOTP` execution

  #40391 closed Jun 23, 2025

• Can't implement custom TokenExchangeProvider

  #40264 closed Jun 23, 2025

• Unrecognized field "adminPermissionsClient"

  #39414 closed Jun 23, 2025

• NPE when no subject_issuer is used for token exchange

  #34869 closed Jun 23, 2025

• Admin-ui seems to be missing `url`

  #40650 closed Jun 21, 2025

• Nightly build shows outdated information on the Keycloak website

  #40542 closed Jun 21, 2025

• Update code ownership for UI code

  #40576 closed Jun 21, 2025

• Configuring category-specific log levels dont work

  #40648 closed Jun 21, 2025

• Update documentation about volatile sessions

  #40639 closed Jun 20, 2025

• Clarify OpenShift v4 Identity Provider instructions

  #40487 closed Jun 20, 2025

• [docs] fix spelling error in hostname.adoc

  #40641 closed Jun 20, 2025

• "Keycloak Authorization Not Enforced in External Applications (Salesforce, O365, Workday)"

  #40614 closed Jun 20, 2025

• kc.sh import not working

  #40295 closed Jun 20, 2025

• Google token exchange not working since not able to fetch user info for id token

  #38147 closed Jun 20, 2025

• UI Customization missing footer example

  #40596 closed Jun 19, 2025

• Negative expiration for token exchange using an offline session

  #40611 closed Jun 19, 2025

• Copy restored maven repo to home folder in Windows

  #40593 closed Jun 19, 2025

• Custom TrustStore is not loaded correctly by Keycloak

  #40527 closed Jun 19, 2025

• Quarkus devtools dependencies in 26.2.x

  #39227 closed Jun 19, 2025

• DefaultLazyLoader is not thread safe, but is used in a shared instance of CachedRealm

  #40531 closed Jun 18, 2025

• Make UPDATE_TIME unique for MIGRATION_MODEL table

  #40088 closed Jun 18, 2025

• Extend upgrading guide for OTP device has a unique label

  #40445 closed Jun 18, 2025

• Webauthn policy data resets to previous state after binding flow

  #40284 closed Jun 18, 2025

• Disable Windows C/D drive optimization

  #40583 closed Jun 18, 2025

• Add missing translations in email and account theme for Polish lang

  #40579 closed Jun 18, 2025

• When redirecting old resource versions, keep query parameters

  #40489 closed Jun 18, 2025

• Rewrite release notes to market the new features

  #40547 closed Jun 18, 2025

• Crash when specifying an incorrect LDAP DN

  #39875 closed Jun 18, 2025

• Synchronization of Polish language in login template

  #40566 closed Jun 18, 2025

• Add clarifying language around jgroups failure detection ports

  #40564 closed Jun 18, 2025

• Brute force detection permanent lockout flag not shown for users auto-unlocked after temporary lockout

  #40159 closed Jun 18, 2025

• Federated user IDs are not correctly evicted from cache

  #40085 closed Jun 17, 2025

• Account v1 Applications page get error

  #40545 closed Jun 17, 2025

• Some requests to admin/ui fail with status 500

  #40249 closed Jun 17, 2025

• Docs: upgrading/topics/changes/changes-26_0_0.adoc

  #39932 closed Jun 17, 2025

• Federation unlink failure message contains double single quotes

  #40479 closed Jun 17, 2025

• WebAuthn Passwordless Policy Timeout Field Causes Syntax Error When Value Exceeds 1000 Seconds Due to Locale-Specific Number Formatting in FTL Generated JavaScript

  #40474 closed Jun 17, 2025

• USER_SESSION_NOT_FOUND during token validation with valid access token

  #39958 closed Jun 17, 2025

• "Confidential Client" Client Policy Improperly Defined

  #40170 closed Jun 17, 2025

• Labeler fails to set version of parent issue

  #40365 closed Jun 17, 2025

• Upgrade webauthn4j to a newer version

  #40023 closed Jun 17, 2025

• Allow Keycloak operator to parameterize the Service annotations and labels

  #23283 closed Jun 17, 2025

• Multiple QuarkusJpaUpdaterProvider calls during boot

  #40408 closed Jun 17, 2025

• Missing adjustment about offline session caches for volatile sessions

  #40483 closed Jun 17, 2025

• Clarify FIPS instructions

  #40533 closed Jun 17, 2025

• Symbolic link creation fails on Windows CI

  #40543 closed Jun 17, 2025

• Theme SPI config values do not resolve correctly

  #40535 closed Jun 16, 2025

• `UserStorageManager.getUserById` called multiple times on `POST /realms/{realm}/protocol/{protocol}/token`

  #40213 closed Jun 16, 2025

• Unable to retrieve `attributes` with organization get members endpoint

  #40438 closed Jun 16, 2025

• Snyk "latest release branch" confused by extra release branches

  #39626 closed Jun 16, 2025

• Self-service option to reset OTP only

  #40513 closed Jun 16, 2025

• add (ky )kyrgyz language support

  #40448 closed Jun 16, 2025

• On change of language, confirmation is shown in old language

  #40494 closed Jun 16, 2025

• Authentication flows documentation should match new GUI

  #40514 closed Jun 16, 2025

• [Keycloak-Operator]: Rolling Updates -- Strategy=Auto, operator error keycloak-update-job is invalid -- Strategy=Explicit, operator always replaces

  #40360 closed Jun 16, 2025

• Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionsAtRandomNode

  #39429 closed Jun 16, 2025

• Default to num_owners=2 when the persistent-user-sessions feature is disabled

  #40472 closed Jun 16, 2025

• Realm default-settings overridding manipulated values

  #40506 closed Jun 16, 2025

• Upgrade from 24.0.5 to higer version failes with ERROR: rel ation "org" already exists

  #34499 closed Jun 16, 2025

• Missing AuthenticationFlowException handling in registration endpoint

  #37738 closed Jun 16, 2025

• The Polish translation is missing a comma

  #40485 closed Jun 13, 2025

• Link to dynamic client registration section is broken in docs

  #40444 closed Jun 13, 2025

• Create a POC of running 2 containers in the new testsuite

  #39962 closed Jun 13, 2025

• Configurable probes in the Operator

  #21995 closed Jun 13, 2025

• Optimized startup fails from `kc.spi-connections-http-client-default-expect-continue-enabled` passed at runtime

  #39063 closed Jun 13, 2025

• While adding User Attribute Mapper configuration is displayed repeatedly multiple times

  #40468 closed Jun 13, 2025

• Enhance mapping from env variables to wildcards

  #38259 closed Jun 13, 2025

• ClearExpiredUserSessions task ignores client-specific idle timeout value

  #39829 closed Jun 12, 2025

• Missing highlighting of deprecated and disabled-by-default features

  #40423 closed Jun 12, 2025

• Compilation error in AbstractWebAuthnAccountTest

  #40451 closed Jun 12, 2025

• Add webauthn and recovery-codes to the default authentication flows

  #39998 closed Jun 12, 2025

• Name for OTP device should be unique

  #38465 closed Jun 12, 2025

• Add templates for release notes and migration guide

  #40441 closed Jun 12, 2025

• Add link to OIDC Discovery Spec in the documentation of the certs endpoint

  #40440 closed Jun 12, 2025

• Passkey "Avoid same authenticator registration" doesn't work

  #27945 closed Jun 12, 2025

• Resort release notes for KC 26.3

  #40422 closed Jun 12, 2025

• Update documentation

  #40001 closed Jun 12, 2025

• Accessing User Events tab for an inactive user (has no events yet) causes a full table scan on `event_entity` table

  #37943 closed Jun 12, 2025

• Error when requesting token inspection for a access token requested by a offline token

  #39599 closed Jun 11, 2025

• Update links specs in OIDC guide

  #40419 closed Jun 11, 2025

• PropertyMapper validation should run with PropertyMappingInterceptor enabled

  #40095 closed Jun 11, 2025

• /admin/realms/{realm}/groups endpoint is slow in v26.2.4 with around 15k groups

  #40242 closed Jun 11, 2025

• Client Registration with fake scope

  #40187 closed Jun 11, 2025

• Create a POC of running 2 containers in Arquillian testsuite

  #39963 closed Jun 11, 2025

• Could not update user profile settings with newly defined role

  #40259 closed Jun 11, 2025

• Outdated information in HA Keycloak deployment

  #40375 closed Jun 11, 2025

• Failing WebAuthn IT (chrome) / WebAuthnSigningInTest.passwordlessWebAuthnTest

  #40402 closed Jun 11, 2025

• Redirect request from wrong version to the right version

  #39723 closed Jun 11, 2025

• MigrationModel duplicate entry on Recreate Upgrade in Cluster with 2+ nodes

  #39866 closed Jun 11, 2025

• Transparent filter panel in Admin > Events > Search events form

  #40135 closed Jun 11, 2025

• Allow private IP address as host in dev deployments

  #40356 closed Jun 11, 2025

• Query when searching exact attribute values does not use index. Result: slow search.

  #37607 closed Jun 11, 2025

• Error creating user in Windows Active Directory over LDAP

  #40096 closed Jun 10, 2025

• LDAP: error code 19 - pwdChangedTime: no user modification allowed

  #40270 closed Jun 10, 2025

• Pin Snyk action to latest commit hash

  #40380 closed Jun 10, 2025

183 Issues opened by 100 people

• Show KC version info in footer of all web UI pages

  #41077 opened Jul 10, 2025

• Navigating group breadcrumb is not reflected in group navigation tree/browser

  #41076 opened Jul 10, 2025

• Admin Console: Creating a child group reverts tree navigation to root

  #41075 opened Jul 10, 2025

• Import client sessions into Infinispan concurrently

  #41074 opened Jul 10, 2025

• `Extend to children` for group policy does not work correctly with FGAP

  #41073 opened Jul 10, 2025

• In (realm) role details, add tab "Assigned to groups"

  #41072 opened Jul 10, 2025

• Admin Console: Assign attribute/property or perform action on multiple, filtered list items

  #41071 opened Jul 10, 2025

• Admin Console: Add to all lists features like sorting, attribute/property columns management & filtering

  #41070 opened Jul 10, 2025

• Built-in Webhook Support for Keycloak Events

  #41065 opened Jul 10, 2025

• Reduce the time it takes to migrate tests to the new framework

  #41064 opened Jul 10, 2025

• DOC: Partial import/export insufficiently documented

  #41061 opened Jul 10, 2025

• Some executions don't show up in the execution menu

  #41060 opened Jul 10, 2025

• Enhance migration utility

  #41058 opened Jul 10, 2025

• Add native hCaptcha support as an alternative to reCAPTCHA

  #41057 opened Jul 10, 2025

• Backport the release related fixes to Keycloak main

  #41052 opened Jul 10, 2025

• 502 Error from Keycloak

  #41050 opened Jul 10, 2025

• Lack of coordination in database creation in 26.3.0 causes deployment failures

  #41048 opened Jul 10, 2025

• Update email feature only enabled if the required action is enabled at the realm

  #41045 opened Jul 9, 2025

• Federated users incorrectly listed on first load due to uninitialized userProfileProvidersEnabled

  #41044 opened Jul 9, 2025

• Able to create a client without entering Client ID

  #41041 opened Jul 9, 2025

• WebAuthN Setup: OperationError: A request is already pending.

  #41037 opened Jul 9, 2025

• Skip update email required action if email attriute is not writable

  #41035 opened Jul 9, 2025

• Policy implementation in OpenId Federation

  #41033 opened Jul 9, 2025

• Unused value in JpaUserFederatedStorageProvider. SAST

  #41032 opened Jul 9, 2025

• [OID4VCI] Determine algorithms for credential_response_encryption

  #41031 opened Jul 9, 2025

• DOC: 'Running Keycloak in a Container' inconsistent

  #41029 opened Jul 9, 2025

• Can't send e-mails to international e-mail addresses: bad UTF-8 syntax

  #41023 opened Jul 9, 2025

• Allow Features to declare that they support Rolling upgrades

  #41022 opened Jul 9, 2025

• Validate session session timeout and lifetime settings on edit

  #41019 opened Jul 9, 2025

• Flaky test: org.keycloak.testsuite.cluster.ClientInvalidationClusterTest#crudWithFailover

  #41018 opened Jul 9, 2025

• Operator auto update hash

  #41014 opened Jul 8, 2025

• Legacy format of build-time spi options

  #41010 opened Jul 8, 2025

• Missing signing with passkeys feature when FORCED_REAUTHENTICATION = true

  #41008 opened Jul 8, 2025

• Including OTLP headers for authorization

  #41007 opened Jul 8, 2025

• Micrometer to OpenTelemetry bridge for metrics

  #41006 opened Jul 8, 2025

• Possibility to list only requested configuration options for CLI help

  #41003 opened Jul 8, 2025

• Liquibase in Kubernetes with separate Job

  #41002 opened Jul 8, 2025

• Wildcard mappers should be implicitly handled and value propagated

  #40997 opened Jul 8, 2025

• LDAP / ModelException: At least one condition should be provided to OR query

  #40995 opened Jul 8, 2025

• Improve handling of enum types for Keycloak options

  #40993 opened Jul 8, 2025

• Fallback to English translations for unknown locale despite German being the realm default

  #40990 opened Jul 8, 2025

• Passkeys Enhancements

  #40988 opened Jul 8, 2025

• Remove options `cache-embedded-offline-sessions-max-count` and `cache-embedded-offline-client-sessions-max-count`

  #40981 opened Jul 7, 2025

• Can't update security-admin-console via admin UI with volatile sessions

  #40980 opened Jul 7, 2025

• Loglevel recorded from build phase

  #40977 opened Jul 7, 2025

• Remove deprecated method ConsentScopeRepresentation.getDisplayTest

  #40973 opened Jul 7, 2025

• Ambiguous translation entries returned for locale with realm overrides (unexpected parent locale behavior)

  #40967 opened Jul 7, 2025

• Create mixed cluster tests with state-transfter for OIDC flows

  #40960 opened Jul 7, 2025

• Update "Enabling and disabling features" documentation

  #40959 opened Jul 7, 2025

• Intermittent failure with HTTP POST /acs/resources/token due to the Authorization code was already used in another session in Keycloak

  #40956 opened Jul 7, 2025

• TiDB friendly MySQL Liquibase migration statements please

  #40947 opened Jul 6, 2025

• Unclear documentation for setting management server as http when main server is https

  #40945 opened Jul 6, 2025

• [Possible issue] Error 403 while attempting to add role to new realm

  #40944 opened Jul 5, 2025

• Liquibase driver broken in KC 26.3.0

  #40934 opened Jul 4, 2025

• Allow configure encryption details for SAML clients

  #40933 opened Jul 4, 2025

• Duplicates in unmanaged attributes

  #40929 opened Jul 4, 2025

• Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm}

  #40923 opened Jul 4, 2025

• Using organization uuid instead of group uuid in FGAP should fail

  #40921 opened Jul 4, 2025

• OpenID Federation OP with Automatic Registration

  #40920 opened Jul 4, 2025

• Verification of external token: twitter

  #40919 opened Jul 4, 2025

• Verification of external token: stackoverflow

  #40918 opened Jul 4, 2025

• Verification of external token: paypal

  #40917 opened Jul 4, 2025

• Verification of external token: openshift4

  #40916 opened Jul 4, 2025

• Verification of external token: microsoft

  #40915 opened Jul 4, 2025

• Verification of external token: linkedin

  #40914 opened Jul 4, 2025

• Verification of external token: gitlab

  #40913 opened Jul 4, 2025

• Verification of external token: bitbucket

  #40912 opened Jul 4, 2025

• Checking if client is allowed to exchange given subject_token issued by the IDP

  #40911 opened Jul 4, 2025

• Changed username on brokered system results in foreign key constraint violation

  #40907 opened Jul 3, 2025

• More fully document operator upgrade scenarios, in particular with custom images

  #40902 opened Jul 3, 2025

• Correct ten-year-old "autheticatorFlow" misspelling

  #40901 opened Jul 3, 2025

• Doublecheck event details during external-internal token exchange

  #40900 opened Jul 3, 2025

• Issuing the internal token during external-internal token exchange

  #40897 opened Jul 3, 2025

• Avoid creating user session during external-internal token exchange

  #40896 opened Jul 3, 2025

• Make sure user is not created during external-internal token exchange

  #40895 opened Jul 3, 2025

• shibmd:Scope in realm's SAML idp metadata

  #40892 opened Jul 3, 2025

• Fresh sessions created from action token handlers don't include state

  #40886 opened Jul 3, 2025

• Utilise --cache-embedded-network-bind-address in the Operator

  #40884 opened Jul 3, 2025

• Improve memory footprint of single file realm import

  #40875 opened Jul 2, 2025

• Update code and documentation for import of a new realm

  #40874 opened Jul 2, 2025

• Better document property mapping

  #40872 opened Jul 2, 2025

• Keycloak 500 internal server error

  #40866 opened Jul 2, 2025

• Unbounded login_hint Parameter Can Corrupt KC_RESTART Cookie and Break Login Flow

  #40857 opened Jul 2, 2025

• External-internal token exchange independent from FGAP v1

  #40855 opened Jul 2, 2025

• Dereference after null check

  #40853 opened Jul 2, 2025

• Admin and User event configuration representation incomplete, leading to two chained calls to update realm

  #40843 opened Jul 1, 2025

• REST API - /identity-provider/instances - offers no attribute "displayOrder"

  #40842 opened Jul 1, 2025

• Action Token Key

  #40841 opened Jul 1, 2025

• Cannot register passkey as first 2FA credential. (Continuation)

  #40837 opened Jul 1, 2025

• Improvements to how the IDP is identified from the external `subject_token`

  #40832 opened Jul 1, 2025

• Dereference of null in PersistentAuthenticatedClientSessionAdapter. SAST

  #40826 opened Jul 1, 2025

• Back port changes from release/26.3 branch related to Maven Central Publish Portal validation

  #40825 opened Jul 1, 2025

• referrerUrl in account-ui escapes query parameters incorrectly

  #40821 opened Jul 1, 2025

• Identity provider links list is limited to 100 entries for a user in the admin UI

  #40818 opened Jul 1, 2025

• DeclarativeUserProfileProvider#setConfiguration picks wrong component when multiple UserProfileProvider implementations exist

  #40817 opened Jul 1, 2025

• Provide a way to add custom labels to Realm Import job of Keycloak operator

  #40799 opened Jun 30, 2025

• Review remaining considerations around whether import needs to be performed with the cluster shutdown

  #40798 opened Jun 30, 2025

• Provide message as json instead of a text blob when loggin LOGIN, LOGOUT and similar events, when logformat is set to ECS or json

  #40796 opened Jun 30, 2025

• Realm search in Manage-Realms view should also include display-name

  #40793 opened Jun 30, 2025

• Custom scope display name not shown in Account UI

  #40788 opened Jun 30, 2025

• Default jdbc-ping cluster setup for distributed caches fails in Oracle

  #40784 opened Jun 30, 2025

• Flaky test: org.keycloak.testsuite.cluster.RealmInvalidationClusterTest#crudWithFailover

  #40782 opened Jun 30, 2025

• User got error in Keycloak 22.x "We are sorry... Login timeout. Please sign in again"

  #40775 opened Jun 29, 2025

• Support IdP Login Option in WebAuthn Passwordless Authenticator Page

  #40770 opened Jun 28, 2025

• Change naming for disabling additional datasource

  #40761 opened Jun 27, 2025

• Wrong dependency registering in the testsuite

  #40756 opened Jun 27, 2025

• Resource leak: FileInputStream in Util.readProperties(File) is never closed .SAST

  #40753 opened Jun 27, 2025

• explicit registration with Trust Chain in a OpenID Federation OP

  #40748 opened Jun 27, 2025

• Misconfigured Reset Credentials Flow allows immediate passwordless access

  #40744 opened Jun 26, 2025

• CVE-2025-49574 - Exposure of Resource to Wrong Sphere vulnerability in io.vertx:vertx-core

  #40736 opened Jun 26, 2025

• Help needed to access SSO within Keycloak

  #40731 opened Jun 26, 2025

• Authorization -> Evaluate: always returns "No search results"

  #40712 opened Jun 25, 2025

• Mention SHA1 is deprecated in the documentation

  #40706 opened Jun 25, 2025

• Internal to external token exchange

  #40704 opened Jun 25, 2025

• Remove the current conditionalUI authenticator

  #40696 opened Jun 24, 2025

• Concurrent requests to /admin/realms/{}/users/{} can return a user as disabled.

  #40689 opened Jun 24, 2025

• Remove workaround for PostgreSQL and Liquibase

  #40687 opened Jun 24, 2025

• Keycloak JS CI - Admin UI - Firefox e2e tests failure

  #40684 opened Jun 24, 2025

• Remove workaround for handling Syslog counting framing

  #40683 opened Jun 24, 2025

• Inconsistency between UserModel.isMemberOf and RoleUtils.isMember (with LDAP involved)

  #40680 opened Jun 24, 2025

• Redundant null checks - operator new. SAST

  #40677 opened Jun 24, 2025

• Support synchronization of LDAP groups with the same cn but different parent OUs

  #40675 opened Jun 24, 2025

• Incorrect types of collection arguments in CustomLockService. SAST

  #40666 opened Jun 23, 2025

• KeycloakServerConfigBuilder - add -D property values into the startup

  #40665 opened Jun 23, 2025

• Resources leak. SAST

  #40660 opened Jun 23, 2025

• Possible Dereference of Null. SAST

  #40659 opened Jun 23, 2025

• Organizations Authenticator : public IDP not displayed when user not existing and matching domain

  #40649 opened Jun 21, 2025

• Hide client secret from clients admin API

  #40646 opened Jun 20, 2025

• Use localtest.me instead of nip.io

  #40645 opened Jun 20, 2025

• Choose User step in the Reset Password flow is not allowing to change the user

  #40643 opened Jun 20, 2025

• Unusable (Dead) local storage. SAST

  #40635 opened Jun 20, 2025

• Provide a docker image with krb-workstation installed

  #40634 opened Jun 20, 2025

• Revoke previous action tokens for forgot password action

  #40631 opened Jun 20, 2025

• Double check when working with multithreading. SAST

  #40630 opened Jun 20, 2025

• Signs of fall-through behavior. SAST

  #40629 opened Jun 20, 2025

• Static‑resource handler falls back to i18n JSON on unknown extensions under /resources/{realm}/admin, exposing translation bundle

  #40622 opened Jun 19, 2025

• When editing protocol mappers, shows required properties

  #40619 opened Jun 19, 2025

• Make protocol mapper name editable

  #40617 opened Jun 19, 2025

• Issue: Unable to Restrict Client Login by Role — All Users Can Authenticate

  #40616 opened Jun 19, 2025

• Fetch error occurs on "Associated roles" tab for admin role

  #40613 opened Jun 19, 2025

• Exact searches should be the default when querying user by attributes in LDAP

  #40609 opened Jun 19, 2025

• Account UI reports "Something went wrong" if user doesn't have permissions to view applications

  #40603 opened Jun 18, 2025

• Account UI reports "Something went wrong" when opening an unknown path

  #40602 opened Jun 18, 2025

• Customization of the Account UI via `content.json` is missing in the docs

  #40600 opened Jun 18, 2025

• Upgrade to the Quarkus 3.24.2 version

  #40592 opened Jun 18, 2025

• Upgrade to the next Quarkus 3.20.x patch release

  #40591 opened Jun 18, 2025

• Missing Security Headers in Keycloak Server

  #40589 opened Jun 18, 2025

• Manage Organization Roles

  #40585 opened Jun 18, 2025

• Redundant null-checks in PolicyAdapter. SAST

  #40578 opened Jun 18, 2025

• Unable to guarantee stable LDAP sync period in clustered environment

  #40563 opened Jun 17, 2025

• User attributes should not be editable for user that does not have manage-users role

  #40559 opened Jun 17, 2025

• Uploading JSON import in UI causes extreme lag or entirely unresponsive page since 26.1

  #40557 opened Jun 17, 2025

• An error is displayed whenever you try to duplicate a group.

  #40556 opened Jun 17, 2025

• [OAuth2.0 - Dynamic Client Registration] Add support for Software Statements

  #40555 opened Jun 17, 2025

• Upgrade org.postgresql:postgresql to version 42.7.7 to address CVE-2025-49146

  #40553 opened Jun 17, 2025

• Unreachable Code In IdentityBrokerService

  #40548 opened Jun 17, 2025

• ENTITY_STATEMENT as TokenCategory for EntityStatement entity in Openid Federation and configuration

  #40546 opened Jun 17, 2025

• 26.2.5 Version missing on npmjs site for keycloak-js

  #40523 opened Jun 16, 2025

• Edit identity provider: alias lost its greyed out design

  #40521 opened Jun 16, 2025

• Selecting a federation using federationLink when creating a user

  #40519 opened Jun 16, 2025

• keycloak26 import users

  #40518 opened Jun 16, 2025

• Support for different key uses by authentication protocol

  #40515 opened Jun 16, 2025

• OpenID Federation RP with explicit registration

  #40512 opened Jun 16, 2025

• OpenID Federation OP with explicit registration

  #40511 opened Jun 16, 2025

• Organization flow do not redirect when credentials exist

  #40510 opened Jun 16, 2025

• OpenID Federation implementation

  #40509 opened Jun 16, 2025

• keycloak/keycloak terraform openid audience protocol mapper -- error.

  #40480 opened Jun 13, 2025

• 'UPDATE_PASSWORD_ERROR' event not recorded on failed OTP setup

  #40478 opened Jun 13, 2025

• Consistent Handling of User Attributes in Query Methods

  #40470 opened Jun 13, 2025

• Display the time of the last use of a credential for a user

  #40466 opened Jun 12, 2025

• Improve extensibility of custom AccountConsole endpoint handling

  #40464 opened Jun 12, 2025

• Login to Account Console produces two consecutive LOGIN events

  #40463 opened Jun 12, 2025

• Account UI ignores identity provider display order

  #40461 opened Jun 12, 2025

• keycloak-admin-client: authenticationManagement.getRequiredActions should allowed passing realm parameter

  #40453 opened Jun 12, 2025

• Ability to disable creation of default resource, policy and permission for new clients

  #40447 opened Jun 12, 2025

• Identity provider with FORCE sync mode does not detect email deletion

  #40434 opened Jun 12, 2025

• Can't update authentication flow

  #40420 opened Jun 11, 2025

• Create ServiceMonitor via KC Operator

  #40406 opened Jun 11, 2025

• Produce 'Logout' event in event listener provider when 'SSO Session Max' is reached

  #40403 opened Jun 11, 2025

• Invalid OpenAPI spec for Admin REST

  #40400 opened Jun 11, 2025

• ModelDuplicateException on next login after deleting an account and back-channel logout

  #40398 opened Jun 11, 2025

• Write documentation for additional datasources

  #40388 opened Jun 10, 2025

• Improve management of additional datasources

  #40387 opened Jun 10, 2025

176 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Adds a KeycloakMdcLogFilter and MdcDefinitionSpi.

  #39815 commented on Jul 3, 2025 • 37 new comments

• Make bootstrap admins temporary conditionally

  #40309 commented on Jun 18, 2025 • 16 new comments

• Move UserTest.java to the new testsuite

  #39805 commented on Jun 24, 2025 • 10 new comments

• [OID4VCI] Limiting Client capabilities to OpenID Connect or OpenID4VCI

  #39385 commented on Jul 10, 2025 • 6 new comments

• Move PartialImportTest.java to the new testsuite

  #40279 commented on Jul 10, 2025 • 5 new comments

• Migrate FineGrainAdminUnitTest.java to the new testsuite

  #40269 commented on Jul 10, 2025 • 4 new comments

• Move UserStorageRestTest.java to the new testsuite

  #40285 commented on Jul 10, 2025 • 3 new comments

• Move IllegalAdminUpgradeTest.java to the new testsuite

  #40282 commented on Jul 10, 2025 • 3 new comments

• [Test framework] ConcurrencyTest migration

  #37982 commented on Jul 10, 2025 • 2 new comments

• Username to be displayed instead of user id with clickable link

  #39640 commented on Jun 23, 2025 • 1 new comment

• Add Swagger UI capability when running in dev mode + OpenAPI YAML/JSON

  #39834 commented on Jul 9, 2025 • 1 new comment

• Managing members from LDAP

  #37401 commented on Jul 7, 2025 • 0 new comments

• SCIM support

  #13484 commented on Jul 5, 2025 • 0 new comments

• External to internal token exchange

  #38335 commented on Jul 4, 2025 • 0 new comments

• "linked-accounts" endpoint displays all Identity providers

  #19732 commented on Jul 3, 2025 • 0 new comments

• Vert.x thread slow / stuck

  #40225 commented on Jul 3, 2025 • 0 new comments

• Set `automountServiceAccountToken: false` on Keycloak pods

  #38843 commented on Jul 3, 2025 • 0 new comments

• processGrantRequest taking upwards of 8s to run

  #38780 commented on Jul 3, 2025 • 0 new comments

• Add link to clients in UsedBy hint for auth-flows listing in admin ui

  #40211 commented on Jul 2, 2025 • 0 new comments

• Test migration utility

  #37283 commented on Jun 28, 2025 • 0 new comments

• Trusted Host don't set CORS headers in OIDC Client Registration

  #39629 commented on Jul 7, 2025 • 0 new comments

• Update docs how to verify that a cluster has formed

  #40296 commented on Jul 7, 2025 • 0 new comments

• Make forwarding of acr_values configurable for IdPs

  #39813 commented on Jul 7, 2025 • 0 new comments

• User enumeration prevention

  #29346 commented on Jul 8, 2025 • 0 new comments

• Run unit tests as part of Java Distribution IT

  #16039 commented on Jul 8, 2025 • 0 new comments

• Enforce commits to be linked to issues

  #33340 commented on Jul 8, 2025 • 0 new comments

• Enable unit tests for Java Distribution testing

  #33510 commented on Jul 8, 2025 • 0 new comments

• Compatibility profiles

  #35650 commented on Jul 8, 2025 • 0 new comments

• Enable branding without code changes

  #34244 commented on Jul 8, 2025 • 0 new comments

• Improve WebAuthn tests documentation

  #10696 commented on Jul 8, 2025 • 0 new comments

• Wrap-up Weblate translations for Keycloak 26.3 release

  #40324 commented on Jul 8, 2025 • 0 new comments

• Issues related to reset credentials flow

  #39447 commented on Jun 30, 2025 • 0 new comments

• The `Redirect URI` field on the broker settings it not based on the front-end URL set to the realm but to the master realm

  #38826 commented on Jun 30, 2025 • 0 new comments

• Manage-membership is not sufficient to add a user to a group

  #38889 commented on Jun 30, 2025 • 0 new comments

• Update MariaDB connector to 3.5.3

  #39634 commented on Jun 30, 2025 • 0 new comments

• Deprecate or remove SHA1 support

  #32897 commented on Jun 30, 2025 • 0 new comments

• Passkeys get not saved on Android devices

  #32816 commented on Jun 30, 2025 • 0 new comments

• Add mutable AuthnContextClassRef for SAML adapter

  #22677 commented on Jun 30, 2025 • 0 new comments

• Hide realm from endpoints, JWT issuer, URLs advertised in the well-known endpoint etc.

  #12122 commented on Jul 1, 2025 • 0 new comments

• Memory leak with v26.0.2 ?

  #34397 commented on Jul 1, 2025 • 0 new comments

• Organizations are not present in JSON realm export

  #39334 commented on Jul 1, 2025 • 0 new comments

• Analyse the impact of the `podTemplate` field removal

  #40184 commented on Jul 1, 2025 • 0 new comments

• Keycloak Organizations

  #30180 commented on Jul 1, 2025 • 0 new comments

• IdP redirect fails when user belongs to multiple organizations with organization:* scope

  #39864 commented on Jul 1, 2025 • 0 new comments

• Client-initiated account linking fails when user already has a federated identity

  #35059 commented on Jul 1, 2025 • 0 new comments

• Expand operator caching spec

  #30217 commented on Jul 1, 2025 • 0 new comments

• External IDP tokens are not refreshed automatically for OAuth2 & OIDC IDPs when retrieving the external token

  #14644 commented on Jul 2, 2025 • 0 new comments

• Defects Identified by Static Analysis

  #40087 commented on Jul 2, 2025 • 0 new comments

• [PERF] Property mappers initialization

  #33955 commented on Jul 2, 2025 • 0 new comments

• [PERF] Parse default ISPN configuration in the build time

  #24246 commented on Jul 2, 2025 • 0 new comments

• Add ability to inspect generated SAML response for SAML Clients

  #30396 commented on Jul 9, 2025 • 0 new comments

• Add FAPI 2.0 + DPoP security profile as default profile of client policies

  #35443 commented on Jun 26, 2025 • 0 new comments

• Add support for RFC 8707 OAuth2 Resource Indicators (#14355)

  #35711 commented on Jun 27, 2025 • 0 new comments

• Fixed alternative flow execution

  #36082 commented on Jun 13, 2025 • 0 new comments

• Add permissive mode for client policy

  #38525 commented on Jul 1, 2025 • 0 new comments

• fix: WebAuthNPasswordless authenticator is incorrectly sorted after all other authenticators in alternative flows

  #39081 commented on Jul 10, 2025 • 0 new comments

• Fix: Make ReadOnly non-editable when set to TRUE

  #39171 commented on Jun 25, 2025 • 0 new comments

• Add support for looking up client secrets via Vault SPI

  #39650 commented on Jun 11, 2025 • 0 new comments

• OpenTelemetry Tracing: Visualize JGroups communication

  #39659 commented on Jun 12, 2025 • 0 new comments

• Add IdP configuration to disable forwarding of the acr_values parameter

  #39814 commented on Jul 9, 2025 • 0 new comments

• Implemented OIDC Prefixed User Attribute Mapper

  #39930 commented on Jul 6, 2025 • 0 new comments

• Resolve home organization when requesting the scope for all organizations

  #39977 commented on Jul 10, 2025 • 0 new comments

• fix: adding mechanisms for an http health check

  #40044 commented on Jul 8, 2025 • 0 new comments

• feat: More flexible TOTP QR codes (#40091)

  #40092 commented on Jun 10, 2025 • 0 new comments

• make account use the ErrorBoundary

  #40141 commented on Jun 16, 2025 • 0 new comments

• Migrate IdentityProviderTest.java to the new testsuite

  #40193 commented on Jun 25, 2025 • 0 new comments

• Add generic update methods for builders

  #40312 commented on Jul 2, 2025 • 0 new comments

• MgmtPermissions.hasOneAdminRole causes NPE for token exchange request

  #40348 commented on Jun 12, 2025 • 0 new comments

• Pass IDP config values to themes

  #40373 commented on Jun 12, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.cluster.PermissionTicketInvalidationClusterTest#crudWithFailover

  #39854 commented on Jul 8, 2025 • 0 new comments

• Picture of the token-exchange flow in the documentation

  #39881 commented on Jul 8, 2025 • 0 new comments

• Organization with Identity Provider allowing login with password

  #39033 commented on Jul 9, 2025 • 0 new comments

• Better handling of Rolling configuration updates

  #38862 commented on Jul 9, 2025 • 0 new comments

• Passkeys support

  #23656 commented on Jul 9, 2025 • 0 new comments

• [OID4VCI] Implementing support for OID4VCI ID2 Draft 15

  #39273 commented on Jul 9, 2025 • 0 new comments

• Refresh token issuer check configurable

  #26017 commented on Jul 9, 2025 • 0 new comments

• Improve operator user experience with customized operand images

  #34637 commented on Jul 9, 2025 • 0 new comments

• when it fails to export realm with docker container

  #33800 commented on Jul 9, 2025 • 0 new comments

• Make Update Email a supported feature

  #39722 commented on Jul 9, 2025 • 0 new comments

• Review and update the documentation regarding the UPDATE EMAIL feature

  #40226 commented on Jul 9, 2025 • 0 new comments

• Full avatar support

  #33718 commented on Jul 10, 2025 • 0 new comments

• Integrate support for Windows Integrated Security

  #35589 commented on Jul 10, 2025 • 0 new comments

• Allow ampersands in first and last names in the PersonNameProhibitedCharactersValidator class

  #37059 commented on Jul 10, 2025 • 0 new comments

• [keycloak-js] loginHint not working on "keycloak.login(options)"

  #12864 commented on Jul 10, 2025 • 0 new comments

• Brute force detection for client credentials (confidential clients)

  #30077 commented on Jul 10, 2025 • 0 new comments

• Mass User Actions and Default List Size

  #17738 commented on Jul 10, 2025 • 0 new comments

• hide scopes from scopes_supported in discovery endpoint

  #10409 commented on Jun 25, 2025 • 0 new comments

• Adding client_id as prefix in client roles mapper

  #25156 commented on Jul 6, 2025 • 0 new comments

• Add serviceaccount option on keycloak CR

  #28728 commented on Jun 12, 2025 • 0 new comments

• Improve multivalued tooltip for organization membership mapper

  #34164 commented on Jun 12, 2025 • 0 new comments

• Display transport media for WebAuthn authenticators in Account console

  #10063 commented on Jun 12, 2025 • 0 new comments

• [UX Review] Optimize the number box in the Time-policy creation page of client Authorization

  #17758 commented on Jun 12, 2025 • 0 new comments

• Remove unnecessary conditions from code

  #17770 commented on Jun 12, 2025 • 0 new comments

• Caught errors should have the correct type associated with them

  #17771 commented on Jun 12, 2025 • 0 new comments

• [UX Review] Optimize the initial page of Keys in OIDC client

  #17762 commented on Jun 12, 2025 • 0 new comments

• Replace `use-react-router-breadcrumbs` with React Router's implementation

  #19309 commented on Jun 12, 2025 • 0 new comments

• Execute action email link - direct to the action itself

  #25719 commented on Jun 12, 2025 • 0 new comments

• Use browser router instead of hash router for admin ui

  #32979 commented on Jun 12, 2025 • 0 new comments

• Organizations: Assign Identity Provider to more than one organization.

  #31705 commented on Jun 13, 2025 • 0 new comments

• Selecting value in combobox not default listed

  #40246 commented on Jun 13, 2025 • 0 new comments

• [OID4VCI] Return the new `invalid_nonce` error if proofs are invalid because of an invalid nonce

  #39292 commented on Jun 13, 2025 • 0 new comments

• Config option to specify the number of trusted proxies in proxy=edge mode

  #13261 commented on Jun 13, 2025 • 0 new comments

• Quarkus not respecting java.io.tmpdir due to wrong path determination order

  #37533 commented on Jun 13, 2025 • 0 new comments

• Allow the target attribute on <a> in the kcSanitize

  #28846 commented on Jun 16, 2025 • 0 new comments

• Automatically disable dormant users.

  #11800 commented on Jun 16, 2025 • 0 new comments

• Update `authentication_test.spec.ts` to take Organization related authentication steps into account

  #33077 commented on Jun 16, 2025 • 0 new comments

• Custom UI Tab Incorrectly Displayed Under Multiple Tabs

  #38078 commented on Jun 16, 2025 • 0 new comments

• multivaluedHelp text truncated

  #39750 commented on Jun 16, 2025 • 0 new comments

• [DPoP] Implementing DPoP nonce

  #39042 commented on Jun 17, 2025 • 0 new comments

• Keycloak tests framework - Invalid driver parameters with recent Chrome versions

  #40289 commented on Jun 17, 2025 • 0 new comments

• Deprecate the `podTemplate` field

  #40185 commented on Jun 10, 2025 • 0 new comments

• Admin API v2: Blueprint

  #39221 commented on Jun 10, 2025 • 0 new comments

• Allow custom labels on Operator Ingress

  #37363 commented on Jun 10, 2025 • 0 new comments

• Enhanced migration story

  #37356 commented on Jun 10, 2025 • 0 new comments

• DN validation of reverse proxy

  #35858 commented on Jun 10, 2025 • 0 new comments

• Add Client CR MVP

  #31300 commented on Jun 10, 2025 • 0 new comments

• Add basic smoke tests for Admin and Account consoles when running behind a proxy

  #30828 commented on Jun 10, 2025 • 0 new comments

• Harden configuration of default image coordinates when building the Operator

  #27733 commented on Jun 10, 2025 • 0 new comments

• Configurable transaction timeouts with categories

  #26889 commented on Jun 10, 2025 • 0 new comments

• Analyze possible improvements for startup time and after-start memory footprint

  #23730 commented on Jun 10, 2025 • 0 new comments

• Keycloak Installation in disconnected Environments fails

  #15562 commented on Jun 10, 2025 • 0 new comments

• Enhancements to logging config

  #10618 commented on Jun 10, 2025 • 0 new comments

• Support for DB tests with XA enabled

  #39192 commented on Jun 10, 2025 • 0 new comments

• "reset credentials" flow should not work if email is unverified (or set the user's email as verified automatically)

  #37410 commented on Jun 11, 2025 • 0 new comments

• [Login UI] Password Strength Indicator

  #23573 commented on Jun 11, 2025 • 0 new comments

• feat(metrics): add label `application` to metrics generated by `keycloak`

  #36280 commented on Jun 11, 2025 • 0 new comments

• Support for running Keycloak as a Windows Service

  #37704 commented on Jun 11, 2025 • 0 new comments

• Write a guide about starting the server as a systemd service

  #10357 commented on Jun 11, 2025 • 0 new comments

• Binary data stored in UiTabProvider ComponentModel is retrieved as corrupted String

  #39557 commented on Jun 11, 2025 • 0 new comments

• [FGAP] Add map-roles-members scope to group resource type

  #38806 commented on Jun 12, 2025 • 0 new comments

• Built-in authentication flows are not updated for KC 26

  #36593 commented on Jun 12, 2025 • 0 new comments

• Allow JSON logging exception output type

  #17410 commented on Jun 12, 2025 • 0 new comments

• Read secrets from files

  #10816 commented on Jun 24, 2025 • 0 new comments

• [OID4VCI] Return `credential_identifiers` in the Token Response as per the spec and enable later use in the Credential Request

  #39279 commented on Jun 24, 2025 • 0 new comments

• Support for subgroups when evaluating permissions for the parent group

  #38696 commented on Jun 24, 2025 • 0 new comments

• Forbidden message if there are no any required roles in Admin Console

  #40255 commented on Jun 25, 2025 • 0 new comments

• Filter out users based on the permissions when listing users in roles

  #40200 commented on Jun 25, 2025 • 0 new comments

• Add option "Requires short state parameter" to OIDC IDP

  #40237 commented on Jun 25, 2025 • 0 new comments

• Extend validation in admin endpoints

  #26731 commented on Jun 25, 2025 • 0 new comments

• Move to single approach for setting `Robots` specifications: prefer `X-Robots-Tag` header to `<meta>` tags

  #34206 commented on Jun 25, 2025 • 0 new comments

• Add a mapper to manage accountExpires attribute in AD

  #36702 commented on Jun 25, 2025 • 0 new comments

• Align JwtClient authentication with latest OIDC spec updates

  #38751 commented on Jun 25, 2025 • 0 new comments

• Remove log4j 1.x usage

  #27932 commented on Jun 25, 2025 • 0 new comments

• Map iterators usage optimization. SAST

  #40064 commented on Jun 25, 2025 • 0 new comments

• Clone a realm through interface

  #24770 commented on Jun 25, 2025 • 0 new comments

• Allow LDAP redundancy when configuring multiple url's

  #31605 commented on Jun 25, 2025 • 0 new comments

• Gender mismatch in Spanish and Catalan string

  #40071 commented on Jun 26, 2025 • 0 new comments

• Disabling a User Does Not Remove Sessions, and User Deletion Does Not Trigger Logout Requests

  #37981 commented on Jun 26, 2025 • 0 new comments

• Zero-downtime Keycloak patch release upgrades for OpenID Connect interactions

  #38881 commented on Jun 26, 2025 • 0 new comments

• Disable OTP input field after multiple failed attempts

  #40266 commented on Jun 26, 2025 • 0 new comments

• Impersonate does not work with separate admin hostname

  #10655 commented on Jun 27, 2025 • 0 new comments

• Add filter to include/fill MDC with request specific data for json logging

  #39812 commented on Jun 27, 2025 • 0 new comments

• Review Content Security Policy (CSP)

  #16277 commented on Jun 27, 2025 • 0 new comments

• Support wildcard for port in redirect URI

  #39880 commented on Jun 28, 2025 • 0 new comments

• Allow setting the number of owners via a cache option

  #10875 commented on Jun 17, 2025 • 0 new comments

• Add support for `reencrypt` OpenShift Routes to the Operator

  #20128 commented on Jun 17, 2025 • 0 new comments

• No documentation how to clear caches via the Admin UI

  #40370 commented on Jun 17, 2025 • 0 new comments

• When click on the Help text for a profile attribute, HTML is not rendered

  #40247 commented on Jun 17, 2025 • 0 new comments

• Incorrect mapping of NameID in User Template Importer

  #40097 commented on Jun 17, 2025 • 0 new comments

• [Operator] Use TLS secret for Ingress

  #34777 commented on Jun 17, 2025 • 0 new comments

• Random but frequent duplicate key value violates unique constraint \"constraint_offl_us_ses_pk2\" errors

  #40374 commented on Jun 17, 2025 • 0 new comments

• group.spec.ts does not contain example of how to add attributes while creating groups

  #16947 commented on Jun 17, 2025 • 0 new comments

• OIDC Username Template Importer can clear username blocking any further action on user

  #40321 commented on Jun 18, 2025 • 0 new comments

• [OID4VCI] Understand key attestations as additional information to jwt proofs or as per new attestation proof type (for Key binding)

  #39287 commented on Jun 18, 2025 • 0 new comments

• High Availability guides should make distinction between single-site and multi-site deployments

  #30095 commented on Jun 18, 2025 • 0 new comments

• Registration not possible when using multiselect-checkboxes as required field

  #40174 commented on Jun 18, 2025 • 0 new comments

• Groups should be able to have multiple parents

  #11752 commented on Jun 19, 2025 • 0 new comments

• Missing fine-grained ability to grant permission to impersonate member of a specific role

  #40277 commented on Jun 19, 2025 • 0 new comments

• Export fails with an unexpected error if the realm does not exist

  #39122 commented on Jun 19, 2025 • 0 new comments

• Provide default krb5.conf in Docker image or extend migration docs

  #32527 commented on Jun 20, 2025 • 0 new comments

• Allow to map e-mail (as username) with "Username Template Importer" for SAML IDP

  #31985 commented on Jun 20, 2025 • 0 new comments

• Web Crypto API not available in `login-status-iframe.html` when using admin console from insecure context

  #37355 commented on Jun 20, 2025 • 0 new comments

• Admin console "Sessions" screen performance degradation when large number of sessions

  #38813 commented on Jun 23, 2025 • 0 new comments

• Realm session list doesn't show user sessions without a client session

  #38747 commented on Jun 23, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.cluster.JGroupsCertificateRotationClusterTest#testCoordinatorHasScheduleTask

  #39091 commented on Jun 23, 2025 • 0 new comments

• LDAP expects fixed attribute pwdchangedtime attribute for last password change

  #39837 commented on Jun 24, 2025 • 0 new comments