1 Release published by 1 person

• 26.3.1

  published Jul 9, 2025

66 Pull requests merged by 23 people

• Translations update from Hosted Weblate

  #41017 merged Jul 12, 2025

• Selected client ID is a string and not an array

  #41090 merged Jul 11, 2025

• Remove FGAP:v1 from external-internal token exchange

  #40938 merged Jul 11, 2025

• Add SRE maintainers team to CODEOWNERS

  #41102 merged Jul 11, 2025

• Add option 'Requires short state parameter' to OIDC IDP

  #41059 merged Jul 11, 2025

• Check if PK for DATABASECHANGELOG already exists

  #41101 merged Jul 11, 2025

• Increase timeout when publishing to Maven Central (#41051)

  #41100 merged Jul 11, 2025

• Add generic update methods for builders

  #40312 merged Jul 11, 2025

• [26.3] Skip computing lifespan for read-only sessions

  #41094 merged Jul 11, 2025

• [26.2] Skip computing lifespan for read-only sessions

  #41093 merged Jul 11, 2025

• Skip computing lifespan for read-only sessions

  #41084 merged Jul 10, 2025

• Resolve home organization when requesting the scope for all organizations

  #39977 merged Jul 10, 2025

• Mark user session for removal when the user bound to cannot be resolved

  #41042 merged Jul 10, 2025

• Fix #40995 avoid ModelException: At least one condition should be pr…

  #40996 merged Jul 10, 2025

• Increase timeout when publishing to Maven Central

  #41051 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup (26.0)

  #41069 merged Jul 10, 2025

• [26.2] Improve logging for client sessions load

  #41066 merged Jul 10, 2025

• [26.3] Improve logging for client sessions load

  #41067 merged Jul 10, 2025

• [OID4VCI] Move realm attributes to clientScope and protocol-mappers

  #39768 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup (26.2)

  #41063 merged Jul 10, 2025

• fix: restricting lookup of existing resources to current owner

  #40985 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup (26.3)

  #41056 merged Jul 10, 2025

• Improve logging for client sessions load

  #41040 merged Jul 10, 2025

• Remove /etc/system-fips file before executing fips-mode-setup

  #41039 merged Jul 10, 2025

• Run clustering compatibility tests on release/x.y branches

  #40991 merged Jul 9, 2025

• Make UPDATE_EMAIL a supported feature

  #40273 merged Jul 9, 2025

• Generate a UUID to be the JTI instead of reusing the nonce.

  #40007 merged Jul 9, 2025

• Fix NPE when accessing group concurrently

  #41020 merged Jul 9, 2025

• Do not add steps if feature disabled in default flows Allow login if a step is disabled even the authenticator is not enabled by profile Closes #40954

  #41025 merged Jul 9, 2025

• Fix NPE when accessing group concurrently

  #41021 merged Jul 9, 2025

• [OID4VCI] : Update Credential Issuer Metadata Model for OID4VCI Draft-15

  #40749 merged Jul 9, 2025

• BUGFIX: session limit exceeded for both client & realm

  #38017 merged Jul 9, 2025

• Changing default passwordless webauthn policy to follow recommended values in the documentation

  #40820 merged Jul 9, 2025

• Set client in the session context for logout token encode

  #41004 merged Jul 9, 2025

• Do not add steps if feature disabled in default flows

  #40964 merged Jul 9, 2025

• Bump @types/node from 24.0.10 to 24.0.12 in /js

  #41016 merged Jul 9, 2025

• Fix NPE when accessing group concurrently

  #40940 merged Jul 8, 2025

• [OID4VCI]: Add a unique notification_id generation to OID4VCIssuerEndpoint used in CredentialResponse.

  #40229 merged Jul 8, 2025

• Rework floating promises to avoid concurrency side effects

  #40740 merged Jul 8, 2025

• Bump vite from 7.0.0 to 7.0.2 in /js

  #40953 merged Jul 8, 2025

• Bump i18next from 25.3.0 to 25.3.1 in /js

  #40950 merged Jul 8, 2025

• Bump rollup from 4.44.1 to 4.44.2 in /js

  #40951 merged Jul 8, 2025

• Bump react-hook-form from 7.59.0 to 7.60.0 in /js

  #40952 merged Jul 8, 2025

• Bump typescript-eslint from 8.35.1 to 8.36.0 in /js

  #40986 merged Jul 8, 2025

• Bump vite-plugin-checker from 0.9.3 to 0.10.0 in /js

  #40987 merged Jul 8, 2025

• Make passkeys feature dependent on web_authn

  #40976 merged Jul 8, 2025

• Update MAINTAINERS.md

  #40800 merged Jul 8, 2025

• 39546/remove kubernetes stack workarounds 26.2

  #40972 merged Jul 8, 2025

• Translations update from Hosted Weblate

  #40979 merged Jul 8, 2025

• Update documentation when no rolling update is performed

  #40974 merged Jul 8, 2025

• LDAP group mapper skips configured filter and imports all groups with…

  #40982 merged Jul 7, 2025

• Run clustering compatibility tests on release/x.y branches

  #40971 merged Jul 7, 2025

• UserSession Offline removed from DB if not in cache

  #40831 merged Jul 7, 2025

• Fix typo in consent scope

  #40787 merged Jul 7, 2025

• fix: streamlining the client scope update

  #40808 merged Jul 7, 2025

• Update documentation when no rolling update is performed

  #40963 merged Jul 7, 2025

• fix: correcting to use the X-Forwarded-Proto header

  #40905 merged Jul 7, 2025

• fix: correcting spi-theme options

  #40968 merged Jul 7, 2025

• fix: reducing memory footprint for cached entries

  #40807 merged Jul 7, 2025

• Use MgmtPermissionsV2 by default

  #40835 merged Jul 7, 2025

• fix: correcting spi-theme options

  #40966 merged Jul 7, 2025

• [OID4VCI] Remove interval property from Credential Offer

  #40412 merged Jul 7, 2025

• [OID4VCI] Always Return Array for Credential Responses

  #40409 merged Jul 7, 2025

• Provide CLI Parameters for jgroups.* options

  #40690 merged Jul 7, 2025

• Fix NPE when client is not set in context during token encoding

  #40936 merged Jul 7, 2025

• fix: detecting when we can set the serviceName (#40894)

  #40943 merged Jul 6, 2025

28 Pull requests opened by 13 people

• Bump aquasecurity/trivy-action from 0.31.0 to 0.32.0

  #40949 opened Jul 7, 2025

• Forward isMemberOf call to the next delegate if the group is not mana…

  #40969 opened Jul 7, 2025

• Remove workaround for handling Syslog counting framing

  #40989 opened Jul 8, 2025

• Improve handling of enum types for Keycloak options

  #40994 opened Jul 8, 2025

• Default jdbc-ping cluster setup for distributed caches fails in Oracle

  #40999 opened Jul 8, 2025

• [OID4VCI] Add support for credential_response_encryption in credential request

  #41001 opened Jul 8, 2025

• fix: prevent quarkus from persisting logging runtime defaults

  #41005 opened Jul 8, 2025

• Custom user profile providers should use the factory ID

  #41012 opened Jul 8, 2025

• Adding a config to the UPDATE_EMAIL action to force users to verify email

  #41013 opened Jul 8, 2025

• Bump chai from 5.2.0 to 5.2.1 in /js

  #41015 opened Jul 9, 2025

• Expose tokens expiresIn in KeycloakAdminClient

  #41024 opened Jul 9, 2025

• Wildcard mappers should be implicitly handled and value propagated

  #41026 opened Jul 9, 2025

• Allow Features to declare that they support Rolling upgrades

  #41027 opened Jul 9, 2025

• Update email feature only enabled if the required action is enabled at the realm

  #41046 opened Jul 9, 2025

• Bump i18next from 25.3.1 to 25.3.2 in /js

  #41047 opened Jul 10, 2025

• saml-idp: Draft support for extended SAML identity provider configuration in Admin Console

  #41053 opened Jul 10, 2025

• Add pagination to user idp links.

  #41068 opened Jul 10, 2025

• Require setting DB kind for additional datasources

  #41087 opened Jul 10, 2025

• fix: providing a single property to declare management interface as http

  #41089 opened Jul 10, 2025

• Bump @types/node from 24.0.12 to 24.0.13 in /js

  #41095 opened Jul 11, 2025

• Bump @playwright/test from 1.53.2 to 1.54.0 in /js

  #41096 opened Jul 11, 2025

• Bump vite from 7.0.3 to 7.0.4 in /js

  #41097 opened Jul 11, 2025

• [admin-v2] Provide simple validation with Jakarta/Hibernate Validation

  #41110 opened Jul 11, 2025

• Add option 'Requires short state parameter' to OIDC IDP

  #41112 opened Jul 11, 2025

• Add option 'Requires short state parameter' to OIDC IDP

  #41113 opened Jul 11, 2025

• Add option 'Requires short state parameter' to OIDC IDP

  #41114 opened Jul 11, 2025

• Check if PK for DATABASECHANGELOG already exists (26.3)

  #41115 opened Jul 11, 2025

• Add a global filter which throws bad request if a query parameter value has a control character

  #41118 opened Jul 11, 2025

59 Issues closed by 13 people

• Permission evaluatio for resource type Clients broken

  #41080 closed Jul 11, 2025

• External-internal token exchange independent from FGAP v1

  #40855 closed Jul 11, 2025

• Add SRE team as code owners

  #41111 closed Jul 11, 2025

• Add option "Requires short state parameter" to OIDC IDP

  #40237 closed Jul 11, 2025

• Multiple primary key defined when attempting to upgrade after 26.3.0

  #41082 closed Jul 11, 2025

• Issue: Unable to Restrict Client Login by Role — All Users Can Authenticate

  #40616 closed Jul 11, 2025

• Add generic update methods for builders

  #40311 closed Jul 11, 2025

• Can't update security-admin-console via admin UI with volatile sessions

  #40980 closed Jul 10, 2025

• IdP redirect fails when user belongs to multiple organizations with organization:* scope

  #39864 closed Jul 10, 2025

• ModelDuplicateException on next login after deleting an account and back-channel logout

  #40398 closed Jul 10, 2025

• LDAP / ModelException: At least one condition should be provided to OR query

  #40995 closed Jul 10, 2025

• [OID4VCI] Update the claims structure in credential issuer metadata across credential format profiles

  #39289 closed Jul 10, 2025

• [OID4VCI] Adjust ClientScope validation to ClientScope attributes

  #39529 closed Jul 10, 2025

• [OID4VCI] Return vc-credential-scopes in AccessToken-scope

  #39530 closed Jul 10, 2025

• [OID4VCI] Deprecate support for retrieving credential by `format` or `claims` at the Credential Endpoint

  #39282 closed Jul 10, 2025

• [OID4VCI] use credential_configuration_id on credential-request if scope was used

  #39309 closed Jul 10, 2025

• [OID4VCI] Move vc-attributes from realm to ClientScopes

  #39528 closed Jul 10, 2025

• [Operator] UpdateTest.testImageChange throws TimeoutException

  #40932 closed Jul 10, 2025

• Improve logging for client sessions load

  #41034 closed Jul 10, 2025

• Apache Reverse Proxy Setup

  #41062 closed Jul 10, 2025

• [Keycloak CI] - Quarkus IT - MetricsDistTest

  #40888 closed Jul 10, 2025

• FIPS errors in CI

  #41038 closed Jul 10, 2025

• FIPS-enabled container Kerberos authentication fails because of user salt length requirements

  #38840 closed Jul 10, 2025

• Keycloak call taking more than 30 Sec

  #40703 closed Jul 9, 2025

• UserSessionModel.removeAuthenticatedClientSessions() does not consistently replicate changes across cluster nodes

  #40998 closed Jul 9, 2025

• Make UPDATE_EMAIL a supported feature

  #40227 closed Jul 9, 2025

• Action Tokens Copy Nonce Into JTI

  #40160 closed Jul 9, 2025

• Keycloak 26.3.0 Performance Degradation (Installed with Operator)

  #40946 closed Jul 9, 2025

• [OID4VCI] Clean up and update the Credential Issuer Metadata model

  #39290 closed Jul 9, 2025

• User session limit exceeded for both realm and client removes the wrong session

  #38016 closed Jul 9, 2025

• Changing default passwordless webauthn policy to follow recommended values in the documentation

  #40792 closed Jul 9, 2025

• Backchannel logout token with an unexpected signature algorithm key

  #40984 closed Jul 9, 2025

• Keycloak 26.3.0 Regression: Failed to login if web-authn is disabled

  #40954 closed Jul 9, 2025

• User serach with first/last name from keycklock consol with multiple words in giving no record

  #38736 closed Jul 9, 2025

• NPE during loading user groups with concurrent deletion

  #40368 closed Jul 8, 2025

• [OID4VCI] Consider returning a `notification_id` in credential responses to support issuance flows that can contain more than one credential

  #39284 closed Jul 8, 2025

• Avoid floating promises in UI code

  #40739 closed Jul 8, 2025

• keycloack-0 pod goes CrashLoopBackOff, I deploy Keycloack with the yaml file provided by keycloacl.org site

  #40752 closed Jul 8, 2025

• Memory leak when updating LDAP federated user (join groups / update attributes)

  #38477 closed Jul 8, 2025

• Make passkeys feature dependent on web_authn

  #40975 closed Jul 8, 2025

• Run clustering compatibility tests on release/x.y branches

  #40970 closed Jul 7, 2025

• UserSession Offline removed from DB if not in cache

  #40754 closed Jul 7, 2025

• Typo in Consent Scope Representation

  #40786 closed Jul 7, 2025

• Optimize createClients on realm import

  #40805 closed Jul 7, 2025

• Update limitations of the preview feature rolling updates for patch releases

  #40962 closed Jul 7, 2025

• Proxy detection needs tweaked for insecure context warning

  #40903 closed Jul 7, 2025

• REST Admin API - ClientsResource response with 200 OK even needed roles are missing

  #40192 closed Jul 7, 2025

• Run tests as part of Keycloak CI in main but make sure a failure does not block PR merging

  #39966 closed Jul 7, 2025

• Improve ec2 transport stack documentation

  #39226 closed Jul 7, 2025

• Docs: server_development/topics/themes.adoc

  #40930 closed Jul 7, 2025

• [OID4VCI] Remove reference to an interval property in Credential Offer payloads

  #39294 closed Jul 7, 2025

• [OID4VCI] Update credential response (even if deferred) to always return an array when not returning a `transaction_id`

  #39283 closed Jul 7, 2025

• Provide CLI Parameters for jgroups.* options

  #40481 closed Jul 7, 2025

• NPE thrown when encoding a token without having a client set in the session

  #40935 closed Jul 7, 2025

• Keycloak Version 25.0.4 Importing Clients via Json sets the Access Token Lifespan to 0 if the Realm setting was changed from the default.

  #36092 closed Jul 7, 2025

• SearchQueryUtils.getFields(searchQuery) does not allow \ in query

  #37281 closed Jul 7, 2025

• OrganizationProvider.getMembersCount ignores federated members

  #38474 closed Jul 7, 2025

• null username for federated records

  #38495 closed Jul 7, 2025

• Migrating from keycloak 15 to keycloak 20.0.1

  #16074 closed Jul 7, 2025

70 Issues opened by 45 people

• keycloak 26.3.1 - no claims included in the access token

  #41123 opened Jul 12, 2025

• UI missing critical client secret length configuration in Keycloak 24+

  #41122 opened Jul 12, 2025

• FAPI 2.0 Final - Documentation

  #41121 opened Jul 12, 2025

• FAPI 2.0 Final - Add FAPI 2.0 Final security profile as default profile of client policies

  #41120 opened Jul 12, 2025

• FAPI 2.0 Final - only accept its issuer identifier value as a string in the aud claim received in client authentication assertions

  #41119 opened Jul 12, 2025

• NUL byte characters are sent from query parameters to the database causing SQL exception

  #41117 opened Jul 11, 2025

• Resolution of admin-cli's composite roles for lightweight token fails upon concurrent realm deletion

  #41109 opened Jul 11, 2025

• Unreachable branch in DBusMatchRule. SAST

  #41108 opened Jul 11, 2025

• Unused function result in ProtocolMappersResource. SAST

  #41107 opened Jul 11, 2025

• Unused function result in SAML11ParserUtil. SAST

  #41106 opened Jul 11, 2025

• Unknown relation when removing realm role with --db-schema configured

  #41105 opened Jul 11, 2025

• [Keycloak CI] - SSSD - SSSDUserProfileTest

  #41104 opened Jul 11, 2025

• Service Account users now showing in the User List

  #41103 opened Jul 11, 2025

• Allow Language Selection for Organization User Invitations

  #41099 opened Jul 11, 2025

• Locked out after upgrade to 26.3.1 due to missing sub in lightweight access token

  #41098 opened Jul 11, 2025

• Newly added OAuth2 Identity Provider feature in 26.3.0 doesn't refresh external access tokens automatically

  #41085 opened Jul 10, 2025

• Missing users on wrong federation provider configuration

  #41083 opened Jul 10, 2025

• pods do not have app.kubernetes.io/name label set on pods.

  #41079 opened Jul 10, 2025

• Admin Console: Filter by realm roles by default in role to group mapping

  #41078 opened Jul 10, 2025

• Show KC version info in footer of all web UI pages

  #41077 opened Jul 10, 2025

• Navigating group breadcrumb is not reflected in group navigation tree/browser

  #41076 opened Jul 10, 2025

• Admin Console: Creating a child group reverts tree navigation to root

  #41075 opened Jul 10, 2025

• Import client sessions into Infinispan concurrently

  #41074 opened Jul 10, 2025

• `Extend to children` for group policy does not work correctly with FGAP

  #41073 opened Jul 10, 2025

• In (realm) role details, add tab "Assigned to groups"

  #41072 opened Jul 10, 2025

• Admin Console: Assign attribute/property or perform action on multiple, filtered list items

  #41071 opened Jul 10, 2025

• Admin Console: Add to all lists features like sorting, attribute/property columns management & filtering

  #41070 opened Jul 10, 2025

• Built-in Webhook Support for Keycloak Events

  #41065 opened Jul 10, 2025

• Reduce the time it takes to migrate tests to the new framework

  #41064 opened Jul 10, 2025

• DOC: Partial import/export insufficiently documented

  #41061 opened Jul 10, 2025

• Some executions don't show up in the execution menu

  #41060 opened Jul 10, 2025

• Enhance migration utility

  #41058 opened Jul 10, 2025

• Add native hCaptcha support as an alternative to reCAPTCHA

  #41057 opened Jul 10, 2025

• Backport the release related fixes to Keycloak main

  #41052 opened Jul 10, 2025

• 502 Error from Keycloak

  #41050 opened Jul 10, 2025

• Lack of coordination in database creation in 26.3.0 causes deployment failures

  #41048 opened Jul 10, 2025

• Update email feature only enabled if the required action is enabled at the realm

  #41045 opened Jul 9, 2025

• Federated users incorrectly listed on first load due to uninitialized userProfileProvidersEnabled

  #41044 opened Jul 9, 2025

• Able to create a client without entering Client ID

  #41041 opened Jul 9, 2025

• WebAuthN Setup: OperationError: A request is already pending.

  #41037 opened Jul 9, 2025

• Skip update email required action if email attriute is not writable

  #41035 opened Jul 9, 2025

• Policy implementation in OpenId Federation

  #41033 opened Jul 9, 2025

• Unused value in JpaUserFederatedStorageProvider. SAST

  #41032 opened Jul 9, 2025

• [OID4VCI] Determine algorithms for credential_response_encryption

  #41031 opened Jul 9, 2025

• DOC: 'Running Keycloak in a Container' inconsistent

  #41029 opened Jul 9, 2025

• Can't send e-mails to international e-mail addresses: bad UTF-8 syntax

  #41023 opened Jul 9, 2025

• Allow Features to declare that they support Rolling upgrades

  #41022 opened Jul 9, 2025

• Validate session session timeout and lifetime settings on edit

  #41019 opened Jul 9, 2025

• Flaky test: org.keycloak.testsuite.cluster.ClientInvalidationClusterTest#crudWithFailover

  #41018 opened Jul 9, 2025

• Operator auto update hash

  #41014 opened Jul 8, 2025

• Legacy format of build-time spi options

  #41010 opened Jul 8, 2025

• Missing signing with passkeys feature when FORCED_REAUTHENTICATION = true

  #41008 opened Jul 8, 2025

• Including OTLP headers for authorization

  #41007 opened Jul 8, 2025

• Micrometer to OpenTelemetry bridge for metrics

  #41006 opened Jul 8, 2025

• Possibility to list only requested configuration options for CLI help

  #41003 opened Jul 8, 2025

• Liquibase in Kubernetes with separate Job

  #41002 opened Jul 8, 2025

• Wildcard mappers should be implicitly handled and value propagated

  #40997 opened Jul 8, 2025

• Improve handling of enum types for Keycloak options

  #40993 opened Jul 8, 2025

• Fallback to English translations for unknown locale despite German being the realm default

  #40990 opened Jul 8, 2025

• Passkeys Enhancements

  #40988 opened Jul 8, 2025

• Remove options `cache-embedded-offline-sessions-max-count` and `cache-embedded-offline-client-sessions-max-count`

  #40981 opened Jul 7, 2025

• Loglevel recorded from build phase

  #40977 opened Jul 7, 2025

• Remove deprecated method ConsentScopeRepresentation.getDisplayTest

  #40973 opened Jul 7, 2025

• Ambiguous translation entries returned for locale with realm overrides (unexpected parent locale behavior)

  #40967 opened Jul 7, 2025

• Group permission denies to view user

  #40965 opened Jul 7, 2025

• Create mixed cluster tests with state-transfter for OIDC flows

  #40960 opened Jul 7, 2025

• Update "Enabling and disabling features" documentation

  #40959 opened Jul 7, 2025

• Intermittent failure with HTTP POST /acs/resources/token due to the Authorization code was already used in another session in Keycloak

  #40956 opened Jul 7, 2025

• TiDB friendly MySQL Liquibase migration statements please

  #40947 opened Jul 6, 2025

• Unclear documentation for setting management server as http when main server is https

  #40945 opened Jul 6, 2025

98 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [OID4VCI]: Add support for parsing and understanding authorization_details at the Token Endpoint

  #40751 commented on Jul 11, 2025 • 8 new comments

• [OID4VCI] Limiting Client capabilities to OpenID Connect or OpenID4VCI

  #39385 commented on Jul 10, 2025 • 6 new comments

• Upgrade to the Quarkus 3.24.2 version

  #40867 commented on Jul 9, 2025 • 4 new comments

• Migrate FineGrainAdminUnitTest.java to the new testsuite

  #40269 commented on Jul 10, 2025 • 3 new comments

• [Test framework] ConcurrencyTest migration

  #37982 commented on Jul 10, 2025 • 2 new comments

• Move IllegalAdminUpgradeTest.java to the new testsuite

  #40282 commented on Jul 10, 2025 • 2 new comments

• Move UserStorageRestTest.java to the new testsuite

  #40285 commented on Jul 10, 2025 • 2 new comments

• Move PartialImportTest.java to the new testsuite

  #40279 commented on Jul 10, 2025 • 1 new comment

• Fallback to display text consent scopes

  #40789 commented on Jul 11, 2025 • 1 new comment

• Flaky test: org.keycloak.testsuite.cluster.PermissionTicketInvalidationClusterTest#crudWithFailover

  #39854 commented on Jul 11, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.cluster.JGroupsCertificateRotationClusterTest#testCoordinatorHasScheduleTask

  #39091 commented on Jul 11, 2025 • 0 new comments

• Update docs how to verify that a cluster has formed

  #40296 commented on Jul 11, 2025 • 0 new comments

• External to internal token exchange

  #38335 commented on Jul 11, 2025 • 0 new comments

• Flaky test: org.keycloak.testsuite.cluster.RealmInvalidationClusterTest#crudWithFailover

  #40782 commented on Jul 11, 2025 • 0 new comments

• Custom scope display name not shown in Account UI

  #40788 commented on Jul 11, 2025 • 0 new comments

• referrerUrl in account-ui escapes query parameters incorrectly

  #40821 commented on Jul 11, 2025 • 0 new comments

• FAPI 2.0 Security Profile final version support

  #38769 commented on Jul 12, 2025 • 0 new comments

• Adding client_id as prefix in client roles mapper

  #25156 commented on Jul 6, 2025 • 0 new comments

• Keycloak Organizations

  #30180 commented on Jul 11, 2025 • 0 new comments

• Defects Identified by Static Analysis

  #40087 commented on Jul 11, 2025 • 0 new comments

• Cannot register passkey as first 2FA credential. (Continuation)

  #40837 commented on Jul 11, 2025 • 0 new comments

• Internal to external token exchange

  #40704 commented on Jul 11, 2025 • 0 new comments

• An error is displayed whenever you try to duplicate a group.

  #40556 commented on Jul 11, 2025 • 0 new comments

• Login to Account Console produces two consecutive LOGIN events

  #40463 commented on Jul 11, 2025 • 0 new comments

• No documentation how to clear caches via the Admin UI

  #40370 commented on Jul 11, 2025 • 0 new comments

• keycloak/keycloak terraform openid audience protocol mapper -- error.

  #40480 commented on Jul 11, 2025 • 0 new comments

• User attributes should not be editable for user that does not have manage-users role

  #40559 commented on Jul 11, 2025 • 0 new comments

• Operator CSV contains duplicit permissions

  #38879 commented on Jul 11, 2025 • 0 new comments

• Console incorrectly refers to MAC algorithms as "Signature algorithm"

  #38664 commented on Jul 10, 2025 • 0 new comments

• Update Traditional Chinese locale to latest version

  #40941 commented on Jul 7, 2025 • 0 new comments

• Change error to 400 for unknown user

  #40939 commented on Jul 8, 2025 • 0 new comments

• Allow configure encryption details for SAML clients

  #40937 commented on Jul 11, 2025 • 0 new comments

• Bump react-i18next from 15.5.3 to 15.6.0 in /js

  #40909 commented on Jul 8, 2025 • 0 new comments

• implementing json patch

  #40904 commented on Jul 10, 2025 • 0 new comments

• Improve realm search by name (#40793)

  #40795 commented on Jul 7, 2025 • 0 new comments

• Fixed the IDs comparison logic

  #40667 commented on Jul 8, 2025 • 0 new comments

• set auto-mount service account token to false in keycloak pods

  #40605 commented on Jul 12, 2025 • 0 new comments

• Manage Organization Invites

  #40526 commented on Jul 10, 2025 • 0 new comments

• Make organization `domains` optional

  #40508 commented on Jul 10, 2025 • 0 new comments

• Pass IDP config values to themes

  #40373 commented on Jul 11, 2025 • 0 new comments

• Add kcw script to Keycloak repository

  #40223 commented on Jul 11, 2025 • 0 new comments

• fix: adding mechanisms for an http health check

  #40044 commented on Jul 8, 2025 • 0 new comments

• Implemented OIDC Prefixed User Attribute Mapper

  #39930 commented on Jul 10, 2025 • 0 new comments

• Add Swagger UI capability when running in dev mode + OpenAPI YAML/JSON

  #39834 commented on Jul 9, 2025 • 0 new comments

• Adds a KeycloakMdcLogFilter and MdcDefinitionSpi.

  #39815 commented on Jul 11, 2025 • 0 new comments

• Add IdP configuration to disable forwarding of the acr_values parameter

  #39814 commented on Jul 10, 2025 • 0 new comments

• fix: WebAuthNPasswordless authenticator is incorrectly sorted after all other authenticators in alternative flows

  #39081 commented on Jul 10, 2025 • 0 new comments

• Ensure regex policies work for multi-valued claims

  #33674 commented on Jul 11, 2025 • 0 new comments

• Add ability to inspect generated SAML response for SAML Clients

  #30396 commented on Jul 9, 2025 • 0 new comments

• Always support an http health check

  #39506 commented on Jul 10, 2025 • 0 new comments

• Enable unit tests for Java Distribution testing

  #33510 commented on Jul 8, 2025 • 0 new comments

• Enforce commits to be linked to issues

  #33340 commented on Jul 8, 2025 • 0 new comments

• Run unit tests as part of Java Distribution IT

  #16039 commented on Jul 8, 2025 • 0 new comments

• Organizations Authenticator : public IDP not displayed when user not existing and matching domain

  #40649 commented on Jul 8, 2025 • 0 new comments

• Duplicates in unmanaged attributes

  #40929 commented on Jul 8, 2025 • 0 new comments

• User enumeration prevention

  #29346 commented on Jul 8, 2025 • 0 new comments

• Remove workaround for PostgreSQL and Liquibase

  #40687 commented on Jul 8, 2025 • 0 new comments

• Upgrade to the Quarkus 3.24.2 version

  #40592 commented on Jul 8, 2025 • 0 new comments

• Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm}

  #40923 commented on Jul 8, 2025 • 0 new comments

• [Possible issue] Error 403 while attempting to add role to new realm

  #40944 commented on Jul 7, 2025 • 0 new comments

• Identity provider links list is limited to 100 entries for a user in the admin UI

  #40818 commented on Jul 7, 2025 • 0 new comments

• Authorization -> Evaluate: always returns "No search results"

  #40712 commented on Jul 7, 2025 • 0 new comments

• Keycloak JS CI - Admin UI - Firefox e2e tests failure

  #40684 commented on Jul 7, 2025 • 0 new comments

• Fetch error occurs on "Associated roles" tab for admin role

  #40613 commented on Jul 7, 2025 • 0 new comments

• Realm search in Manage-Realms view should also include display-name

  #40793 commented on Jul 7, 2025 • 0 new comments

• Admin and User event configuration representation incomplete, leading to two chained calls to update realm

  #40843 commented on Jul 7, 2025 • 0 new comments

• Dereference of null in PersistentAuthenticatedClientSessionAdapter. SAST

  #40826 commented on Jul 7, 2025 • 0 new comments

• Action Token Key

  #40841 commented on Jul 7, 2025 • 0 new comments

• Make forwarding of acr_values configurable for IdPs

  #39813 commented on Jul 7, 2025 • 0 new comments

• Improvements to how the IDP is identified from the external `subject_token`

  #40832 commented on Jul 7, 2025 • 0 new comments

• Liquibase driver broken in KC 26.3.0

  #40934 commented on Jul 7, 2025 • 0 new comments

• Trusted Host don't set CORS headers in OIDC Client Registration

  #39629 commented on Jul 7, 2025 • 0 new comments

• Managing members from LDAP

  #37401 commented on Jul 7, 2025 • 0 new comments

• Keycloak 500 internal server error

  #40866 commented on Jul 6, 2025 • 0 new comments

• Using organization uuid instead of group uuid in FGAP should fail

  #40921 commented on Jul 10, 2025 • 0 new comments

• Mass User Actions and Default List Size

  #17738 commented on Jul 10, 2025 • 0 new comments

• Brute force detection for client credentials (confidential clients)

  #30077 commented on Jul 10, 2025 • 0 new comments

• [keycloak-js] loginHint not working on "keycloak.login(options)"

  #12864 commented on Jul 10, 2025 • 0 new comments

• Allow ampersands in first and last names in the PersonNameProhibitedCharactersValidator class

  #37059 commented on Jul 10, 2025 • 0 new comments

• Integrate support for Windows Integrated Security

  #35589 commented on Jul 10, 2025 • 0 new comments

• Full avatar support

  #33718 commented on Jul 10, 2025 • 0 new comments

• Review and update the documentation regarding the UPDATE EMAIL feature

  #40226 commented on Jul 9, 2025 • 0 new comments

• Make Update Email a supported feature

  #39722 commented on Jul 9, 2025 • 0 new comments

• when it fails to export realm with docker container

  #33800 commented on Jul 9, 2025 • 0 new comments

• Improve operator user experience with customized operand images

  #34637 commented on Jul 9, 2025 • 0 new comments

• Refresh token issuer check configurable

  #26017 commented on Jul 9, 2025 • 0 new comments

• OpenID Federation implementation

  #40509 commented on Jul 9, 2025 • 0 new comments

• [OID4VCI] Implementing support for OID4VCI ID2 Draft 15

  #39273 commented on Jul 9, 2025 • 0 new comments

• Default jdbc-ping cluster setup for distributed caches fails in Oracle

  #40784 commented on Jul 9, 2025 • 0 new comments

• Passkeys support

  #23656 commented on Jul 9, 2025 • 0 new comments

• Better handling of Rolling configuration updates

  #38862 commented on Jul 9, 2025 • 0 new comments

• Organization with Identity Provider allowing login with password

  #39033 commented on Jul 9, 2025 • 0 new comments

• Changed username on brokered system results in foreign key constraint violation

  #40907 commented on Jul 8, 2025 • 0 new comments

• Picture of the token-exchange flow in the documentation

  #39881 commented on Jul 8, 2025 • 0 new comments

• Wrap-up Weblate translations for Keycloak 26.3 release

  #40324 commented on Jul 8, 2025 • 0 new comments

• Improve WebAuthn tests documentation

  #10696 commented on Jul 8, 2025 • 0 new comments

• Enable branding without code changes

  #34244 commented on Jul 8, 2025 • 0 new comments

• Compatibility profiles

  #35650 commented on Jul 8, 2025 • 0 new comments