Keycloak 21.0.0 released

February 23 2023

To download the release go to Keycloak downloads.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

New features

• #11698 Add an option allowing to disable client registration access token rotation keycloak
• #15271 Add support for Microsoft Authenticator keycloak
• #16107 Short verification_uri for Device Authorization Request keycloak
• #16787 support multi hosted-domain in `GoogleIdentityProvider` keycloak
• #17037 Allow configuring of redirectUri for the cordova adapter keycloak adapter/javascript

Enhancements

• #1738 Deprecate SHA1 based algorithms for SAML signatures keycloak-documentation
• #1743 Documentation of some options of SAML IDP is not up-to-date keycloak-documentation
• #8820 Official Support for Microsoft mobile authenticator app keycloak
• #8982 Blacklist false positive rate could be set a lot lower. keycloak
• #9008 Update client with registration access token gained by client registration keycloak authorization-services
• #9017 Pre-authorization hook for client policies keycloak
• #9144 Remove Hashicorp Support keycloak dist/quarkus
• #9388 Global lock interface keycloak storage
• #9420 Use bulk deletes in HotRod store keycloak storage
• #9699 Include list of possible option values in help messages. keycloak dist/quarkus
• #10018 JPA Map Storage: leverage function-based indexes (Postgresql) keycloak storage
• #10090 Remove workaround in HotRodUtils#paginateQuery keycloak storage
• #10376 Add MapKeycloakTransaction.exists(id) method keycloak storage
• #10988 Remove doubled field from HotRod entities keycloak storage
• #11744 Remove `session.area().getById(id)` from Map provider methods keycloak storage
• #12067 Investigate a way to update indexes in no-downtime way for HotRod store keycloak storage
• #12068 Leverage Infinispan lifespan for ExpirableEntities in HotRod storage keycloak storage
• #12950 Implement "advanced claim to group" mapping for SAML keycloak
• #13219 Followup: JPA Map store wants to use `hibernate.integrator_provider` in Quarkus keycloak
• #13222 Followup: Revisit JTA vs. RESOURCE_LOCAL for JPA map storage for Quarkus and other Setups keycloak storage
• #13346 Cannot save profile on User Management Console while CJK characters in username keycloak user-profile
• #13544 Quarkus testsuite should use storage=chm by default where it makes sense keycloak testsuite
• #13606 Keycloak uses incorrect encryption keys as SAML identity brokers in SPSSODescriptor keycloak
• #13632 File map storage: Basic storage keycloak storage
• #13725 Make GHA Map-JPA base testsuite running with Quarkus keycloak storage
• #14503 Allow to configure firstname and lastname to be optional during registration keycloak user-profile
• #14504 Ability to add fields in job template for KeycloakRealmImport CR keycloak
• #14583 Provide partial import of realms for the map storage, ideally without needing a representation keycloak storage
• #14686 Add missing german translation for emailInstructionUsername keycloak
• #14739 Improve readability and manageability of deployment configuration for operator keycloak operator
• #14915 Cleanup setting of Hibernate version twice in root pom and Quarkus pom keycloak dist/quarkus
• #15026 Declarative user profile should allow to mark the email attribute as non required keycloak
• #15053 Remove deprecated methods from `login-failure` area from `user-session` interface keycloak storage
• #15223 Make sure the KeycloakSession is not closed more than once keycloak core
• #15234 Switch to micrometer metrics keycloak
• #15256 Expose attribute metadata from the User API keycloak user-profile
• #15374 Remove dependencies on Resteasy API and rely on JAX-RS API as much as possible keycloak
• #15450 Remove unnecessary injection points from JAX-RS (sub)resources keycloak
• #15507 JPA Map Storage: leverage function-based indexes (CockroachDB) keycloak storage
• #15525 Remove unnecessary injection points from our JAX-RS resources keycloak
• #15576 Enable Oracle DB drivers for KeycloakServer in the testsuite utils keycloak
• #15602 Remove injection points for Resteasy contextual data and use the Keycloak context instead keycloak
• #15603 Keycloak distribution contains testing libraries keycloak dist/quarkus
• #15605 Avoid creating proxies at runtime for Rest-based SPIs keycloak
• #15612 Client registration service must not check client protocol for Bearer token keycloak
• #15644 Review `set-quarkus-version.sh` keycloak dist/quarkus
• #15666 Update to latest version of Keycloak Actionbot keycloak
• #15677 Enumerate fields in autogenerated class descriptor keycloak storage
• #15706 Create model-map-file module with empty implementations keycloak storage
• #15740 ./kc.sh does not pickups conf/quarkus.properties keycloak docs
• #15749 Add logging to KeycloakModelUtils.runJobInRetriableTransaction keycloak storage
• #15810 Remove dependency on Resteasy Multipart Provider keycloak
• #15811 Make sure JAX-RS resource methods are advertizing the media type they support keycloak
• #15812 ConcurrentModificationException in DeclarativeUserProfileProvider keycloak user-profile
• #15846 Support autogeneration of camel case field names keycloak storage
• #15885 Add write ability to file store keycloak storage
• #15890 Introduce tests for pessimistic locking usecases keycloak storage
• #15901 Enable Infinispan Metrics keycloak
• #15946 User Attribute Policy keycloak
• #15977 Upgrade to Infinispan 14.0.4.Final keycloak storage
• #16008 Update to JBoss Parent 39 keycloak
• #16020 Adding CRDB into GHA for the new store keycloak storage
• #16089 Normalize memory usage in tests and OOM behavior keycloak storage
• #16091 Cache Maven Wrapper JAR in GitHub actions keycloak ci
• #16139 The search does not work if only partial information is entered keycloak
• #16220 Clarify using of `--optimized` flag with DBs keycloak docs
• #16224 Incrementally cache consents on a per client basis keycloak infinispan
• #16248 Keycloak operator. Add labels to keycloak PODs keycloak
• #16281 Keep consistency when importing realms at startup when they are exported via the `export` command keycloak
• #16308 Compatibility with Maven4 build cache and parallel builds keycloak ci
• #16320 Single client export bug keycloak
• #16373 Remove invalid property from Operator properties keycloak dist/quarkus
• #16420 Support runnning tests using an embedded distribution keycloak
• #16529 Move Admin UI custom REST endpoints to main repository keycloak
• #16616 Make lockTimeout better configurable in JpaMapStorageProviderFactory keycloak storage
• #16676 Create basic read-only file store keycloak storage
• #16690 Make LockAcquiringTimeoutException a runtime exception keycloak storage
• #16751 Do not enable caching metrics by default and provide a guide keycloak
• #16807 KeycloakIngress (controller) should configure edge TLS when back-end protocol is HTTP keycloak operator
• #16892 Update proxy guide with information about session stickness keycloak docs
• #16921 Recovery codes input error not displayed in the standardized way keycloak
• #16962 Make it possible to run the embedded distribution in FIPS mode keycloak
• #17133 Apply documentation standards to Getting Started Guides keycloak
• #17134 Create an SPI for DeviceActivityManager keycloak
• #17865 Add "Encryption algorithm" option of SAML IDP keycloak admin/ui
• #17935 Update message for 'Valid Post Logout Redirect URIs' client option keycloak admin/ui
• #18080 Testing running on release branches keycloak admin/ui

Bugs

• #8833 Performing an external-to-internal token exchange with an ID token with provider mappers enabled results in `unknown_error`. keycloak token-exchange
• #8958 NullPointerException when editing a sub flow without a description keycloak authentication
• #9003 Documentation Error: User Storage SPI: CredentialInputValidator keycloak core
• #9345 Can't join a node under certain conditions keycloak admin/api
• #9771 Hard-coded signature algorithm in token verification keycloak oidc
• #9991 required action terms_and_conditions is not imported keycloak import-export
• #10668 Kerberos User Federation creates a user that does not exist keycloak ldap
• #10672 Kerberos User Federation creates a user that does not exist when username including "//" keycloak ldap
• #10755 Replace operation set wrong lifespan in remote infinispan database and leads to session eviction keycloak storage
• #10958 Client ID in LDAP Mappers User Federation doesn't align with Rename Client ID keycloak ldap
• #11608 Realm password policy regex does not work keycloak authentication
• #11627 New cluster joiners hang while trying to preload remote sessions (not offline) keycloak storage
• #11726 Conflicting data returned for /users/id and /users endpoints when user is temporarily locked keycloak admin/api
• #11783 Timeout when waiting for 3rd party check iframe message. keycloak adapter/javascript
• #12039 Account console doesn't show the currently logged in user keycloak account/ui
• #12053 [SAML Broker] BadPaddingException because Keycloak uses signing key pair for decryption keycloak saml
• #12523 DELETE user api uses inefficient SQL queries while deleting data from OFFLINE_CLIENT_SESSION keycloak storage
• #12567 SQLGrammarException would occur if a user doesn't belong to any groups keycloak storage
• #12618 Role name containing ";"(semicolon) leads "Resource not found..." error in the admin console keycloak admin/api
• #12649 GET /{realm}/users/{id}/groups ignores 'search' query parameter keycloak admin/api
• #12819 Inconsistent behavior of group attribute caching keycloak storage
• #12913 Keycloak 18.0.2 mixed content issue. keycloak dist/quarkus
• #12970 Public URL autodetection from request does not work when using reverse proxy on non standard ports keycloak dist/quarkus
• #12979 Admin console infinite redirect loop before password prompt keycloak dist/quarkus
• #13063 Setting hostname-admin=localhost redirects to keycloak.example.com keycloak dist/quarkus
• #13089 Infinispan/TCPPING does not span the cluster over all specified nodes keycloak dist/quarkus
• #13114 Reencrypt proxy ignored with new operator keycloak operator
• #13122 Deleting Users in Keycloak Cluster with 3 or more Nodes is not possible keycloak dist/quarkus
• #13148 keycloak(behind nginx) .well-known/openid-configuration path not return correct token or jwt url（custom port loss） keycloak dist/quarkus
• #13157 Response_mode not setup on request when using keycloak Java client keycloak authorization-services
• #13210 JPA Map Storage with CRDB: ConcurrentLoginTest failures keycloak storage
• #13236 Username is removed when updating service account with empty/null email when declarative user profile and registrationEmailAsUsername is enabled keycloak user-profile
• #13340 Performance Issues with many offline sessions keycloak storage
• #13354 LDAP integration doesn't map emails keycloak ldap
• #13656 I get these [com.arjuna.ats.arjuna] warnings and right after the readiness probe dies keycloak storage
• #13988 19 - update-email feature - email change does not affect the username when "Email as username" option is checked keycloak authentication
• #14035 User/User Profile API inconsistent behaviour : partial PUT clear all user fields when user profile enabled keycloak user-profile
• #14071 Keycloak docker container default theme environment variable not working keycloak dist/quarkus
• #14173 IDP Provider is hidden from the login form after the back button is pressed keycloak authentication
• #14197 Configurable session limits bug on chrome & edge keycloak authentication
• #14234 SigningInPage has wrong icon keycloak account/ui
• #14323 Unexpected error when authenticating client: java.lang.RuntimeException: Illegal base64url string! keycloak oidc
• #14433 customized ingress resource is deleted as soon as a Keycloak pod is killed keycloak operator
• #14537 400 for /token endpoint for Multiple Keycloak Servers keycloak dist/quarkus
• #14610 Default Build Failing Due to Test Failures keycloak core
• #14638 Keycloak 19.0.1 can not atrt with mariaDB 10.8.4 keycloak dist/quarkus
• #14657 Keycloak 18.0.0 - Upgrade to 19.0.2 - ISPN Cache error keycloak dist/quarkus
• #14689 User Session Count Limiter not working for some users keycloak authentication
• #14703 Email field that is not required still renders with an asterisk in registration form keycloak authentication
• #14772 Paging for "Users in role" is not guaranteed to work with JPA keycloak storage
• #14794 Error when using similar keys with different algorithms in a jwks for identity provider signature validation keycloak oidc
• #14843 User password is visible on admin events tab keycloak authentication
• #14884 Weird export/re-import behaviour regarding `post.logout.redirect.uris` keycloak oidc
• #15008 Configure custom user provider results in RuntimeException: Failed to find provider map for user keycloak dist/quarkus
• #15021 Unable to create idp role mapper (oidc / saml) with old admin UI keycloak admin/ui
• #15060 Transaction deadlock with Microsoft SQL if "sendStringParametersAsUnicode=false" not set in db url properties keycloak storage
• #15083 Status 500 when trying to retrieve non-existing external IDP token keycloak oidc
• #15093 JPA Map Storage: JpaRootAuthenticationSessionEntity constructor missing version parameter keycloak storage
• #15116 Old admin console theme still visible for selection even though the corresponding feature is disabled keycloak admin/ui
• #15118 Build Timeouts on integration tests keycloak ci
• #15231 Groups beyond first 10 are not accessible keycloak admin/ui
• #15236 Cannot convert undefined or null to object keycloak admin/ui
• #15252 Conditional Authentication flow - Deny Access Error Message - custom property not loaded keycloak authentication
• #15269 User Profile removes all user attributes keycloak admin/api
• #15278 KeycloakErrorHandler throws NPE if session is missing keycloak core
• #15295 AdminV2 not loading through reverse proxy (reencrypt) keycloak admin/ui
• #15324 KC_HTTP_RELATIVE_PATH --http-relative-path ingress or nginx not work keycloak admin/ui
• #15326 Multipod (kubernetes) upgrade from v19 to v20 fails keycloak infinispan
• #15346 Error when loading public keys keycloak oidc
• #15361 user_info not working after upgrading from 19.0.3 to 20.0.0 keycloak oidc
• #15394 Admin account user name is forcibly changed keycloak dist/quarkus
• #15412 All configurations documentation lists database vendor as a build configuration keycloak docs
• #15422 Keycloak User Federation Provider LDAP connection with Azure Active Directory connection is unsuccessful. keycloak ldap
• #15429 NPE in userinfo endpoint keycloak oidc
• #15431 User Profile Attributes not showing up in Admincp User view and User account management view keycloak
• #15432 Startup Fails with NullPointerException in Kubernetes with Keycloakx Helm chart keycloak core
• #15449 Not able to create user with non english character in Keycloak 14 environment keycloak admin/ui
• #15482 User Federation: getReadable() can throw a NPR for a federated user if the user has no attributes keycloak storage
• #15485 12.0.4 - User names fields accept special characters keycloak admin/ui
• #15487 Flaky test: Model Tests DBLockTest keycloak testsuite
• #15493 make nginx certificate-lookup thread safe keycloak authentication
• #15497 Unknown bind DN using LDAP anonymous bind aka bind type none keycloak ldap
• #15503 Flaky tests: Connection timed out to repo.maven keycloak testsuite
• #15538 Custom admin theme not working keycloak admin/ui
• #15539 Invalid redirect uri / keycloak authentication
• #15558 UserSessionProviderTest#testOnClientRemoved fails on CockroachDB keycloak storage
• #15564 Flaky test: RequiredActionTotpSetupTest.setupTotpExistingReusableCodeDisabled keycloak testsuite
• #15566 Failed to generate javadoc keycloak
• #15571 Keycloak 20.0 - Build Configurations not applied? KC_FEATURES=token-exchange keycloak
• #15607 JDK 17 InaccessibleObjectException with infinispan keycloak storage
• #15608 Keycloak wrongly assumes that the default datasource is the first one keycloak dist/quarkus
• #15614 Fix update of group mappers on certain changes of the group path keycloak
• #15656 Password change sometimes triggers error keycloak core
• #15668 User Profile: Editing the username attribute adds empty permissions keycloak user-profile
• #15685 Search by group attributes might break on OracleDB keycloak storage
• #15687 IdentityProviderModel from third party packages are ignored keycloak identity-brokering
• #15699 Unique constraints should use attribute value hash instead of the value itself keycloak storage
• #15701 Unable to run map-storage-jpa tests with custom Postgres image keycloak testsuite
• #15712 Keycloak won't start due to Unsupported database file version or invalid file header in file "/var/lib/keycloak/data/h2/keycloakdb.mv.db" [90048-214] keycloak core
• #15718 Flaky test: RefreshTokenTest.tokenRefreshRequest_ClientES512_RealmRS256 keycloak testsuite
• #15738 ERROR: Failed to start server in (production) mode after update from 19.0.3 quarkus to 20.0.1 keycloak core
• #15739 Device Authorization Grant fails with valid S256 code challenge keycloak core
• #15744 CORS error from token endpoint keycloak authentication
• #15761 Flaky test: JavascriptAdapterTest.implicitFlowOnTokenExpireTest keycloak testsuite
• #15767 Make KeycloakDeploymentBuilder initialize CryptoIntegration keycloak core
• #15777 Can't change 'Restart login' keycloak account/ui
• #15781 kc 19.0.3 with oracle 11g: realm export with users leads SQL Error: 1000, SQLState: 72000 (maximum open cursors exceeded) keycloak storage
• #15801 Multiple failures in Model Tests keycloak testsuite
• #15803 Keycloak upgrade fails: relation databasechangeloglock already exists keycloak core
• #15806 Console not login since Keycloak 19+ keycloak authentication
• #15807 fix typo in kcWebAuthnKeyIcon keycloak account/api
• #15817 Get opentid token server error keycloak account/api
• #15823 Overriding email template provider according to guide fails keycloak core
• #15824 Failed to find Liquibase implementation when using Postgres DB keycloak core
• #15849 JPA Map Storage: Add transaction retry logic to LoginActionsService.authenticate keycloak storage
• #15869 Upload Script error keycloak account/api
• #15886 After changing URL, admin console load old URL keycloak admin/ui
• #15889 Keycloak 20.0.1 on Oracle Database - ORA-00932: inconsistent datatypes: expected - got NCLOB keycloak core
• #15894 Sign in to your account with SAML integration resulting in "Unexpected error when authenticating with identity provider" and no error found on logs. keycloak saml
• #15904 Flaky test: HostnameDistTest keycloak testsuite
• #15916 Java 17 support not given keycloak dist/quarkus
• #15921 Can not set Context path on Keycloak 20 keycloak dist/quarkus
• #15925 JAVA_OPTS_APPEND does not allow overriding the ipv4/ipv6 setting keycloak dist/quarkus
• #15944 API call to get user profile config should allow any admin role. keycloak admin/api
• #15952 export client saml key JKS from realm ui admin theme keycloakv2 give invalid JKS keycloak admin/ui
• #16002 Health Check failure when KC_HTTP_RELATIVE_PATH set on 20.0.0 keycloak core
• #16030 Better error handling on startup keycloak dist/quarkus
• #16046 GHA are not running HotRod tests because of config error keycloak storage
• #16047 NPE while trying to access the list of users in the admin console keycloak admin/api
• #16048 Flaky test: OfflineServletsAdapterTest keycloak ci
• #16053 `FieldsGenerator` doesn't generate `getMapKeyClass()` and `getMapValueClass()` for `Map config` fields keycloak storage
• #16067 Title/header of Admin REST API page incorrectly shows placeholder keycloak docs
• #16069 Stuck at Loading the admin console keycloak admin/cli
• #16078 Flaky test: UserSessionConcurrencyTest.testConcurrentNotesChange keycloak storage
• #16079 Flaky test: UserSessionExpirationTest>KeycloakModelTest.createEnvironment keycloak storage
• #16099 Keycloak admin page is not loading keycloak dist/quarkus
• #16108 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#spnegoLoginTest keycloak ci
• #16109 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#validatePasswordPolicyTest keycloak ci
• #16110 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#testClientOverrideFlowUsingBrowserHttpChallenge keycloak ci
• #16111 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#writableEditModeTest keycloak ci
• #16112 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#spnegoCaseInsensitiveTest keycloak ci
• #16113 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#usernamePasswordLoginTest keycloak ci
• #16114 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#credentialDelegationTest keycloak ci
• #16115 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#spnegoLoginWithRequiredKerberosAuthExecutionTest keycloak ci
• #16116 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#spnegoNotAvailableTest keycloak ci
• #16117 Flaky test: org.keycloak.testsuite.federation.kerberos.KerberosLdapTest#spnegoWithInvalidTokenTest keycloak ci
• #16125 Warning printed in Keycloak CI jobs keycloak ci
• #16130 Flaky test: org.keycloak.testsuite.cookies.CookiesPathTest#testOldCookieWithNodeInValue keycloak ci
• #16131 Flaky test: org.keycloak.testsuite.cookies.CookiesPathTest#testMultipleCookies keycloak ci
• #16132 Flaky test: org.keycloak.testsuite.cookies.CookiesPathTest#testOldCookieWithWrongPath keycloak ci
• #16133 Flaky test: org.keycloak.testsuite.cookies.CookiesPathTest#testCookiesPath keycloak ci
• #16143 Flaky test: org.keycloak.testsuite.forms.LoginTest#loginWithoutForcePasswordChangePolicy keycloak ci
• #16174 Username is not updated if email was changed keycloak user-profile
• #16191 Keycloak 20.0.1 quarkus Distro is failing with MSSqlServer on second time restart keycloak core
• #16202 LinkageError for FipsMode during startup keycloak core
• #16211 AccountConsole leaks translated messages into cached theme keycloak account/ui
• #16216 Some authorization adapter test failing on Java 17 keycloak testsuite
• #16222 operator doesn't watch other namespaces keycloak operator
• #16232 Flaky test: org.keycloak.testsuite.admin.UserTest.sendResetPasswordEmailWithCustomLifespan keycloak ci
• #16240 SAMLServletAdapterTest and SAMLFilterServletAdapterTest failing on Java 17 keycloak testsuite
• #16255 Field generator: `getCollectionElementClass` method not generated when no addElement method is present in interface keycloak storage
• #16261 io.quarkus.builder.BuildException caused by java.lang.OutOfMemoryError: unable to create native thread keycloak dist/quarkus
• #16263 Do not show username field when updating profile if UPDATE_EMAIL feature is enabled and email as username is enabled keycloak user-profile
• #16274 Read-only user attributes error from Keycloak Admin API keycloak admin/api
• #16283 No data stored in external database (MariaDB) keycloak storage
• #16290 Migrating from keycloak 15 to keycloak 20.0.1: If we pass wrong username then getting Internal Server Error keycloak core
• #16297 NPE if user not exists in PolicyEvaluationRequest keycloak admin/api
• #16306 Role/Group based authentication not working for users authenticated by External IdPs (Azure AD, GitHub etc) keycloak authorization-services
• #16313 In CI, new-store-integration-tests for CRDB is sometimes cancelled after 70 minutes keycloak storage
• #16317 EntityField `mapPut` and `collectionAdd` default methods doesn't insert an element when `get(e)` returns `null` keycloak storage
• #16330 Hibernate 6 upgrade: native query registration keycloak storage
• #16332 Hibernate 6 upgrade: unable to extract query parameter name in QueryCacheKey keycloak storage
• #16333 Email theme is not working after update to 20.0.2 keycloak translations
• #16334 Hibernate 6 upgrade: API changes in JpaAutoFlushListener keycloak storage
• #16335 Hibernate 6 upgrade: valueType in `JsonbType` is no longer set keycloak storage
• #16336 Hibernate 6 upgrade: JSON functions need to be registered using new APIs keycloak storage
• #16337 Hibernate 6 upgrade: Entity -> id mapping no longer automatically done keycloak storage
• #16347 Priority order of protocol mappers keycloak oidc
• #16401 Clients secret with % for clients (access type : confidential) have to be encoded keycloak authorization-services
• #16403 Keycloak - Missing data in the userinfo response keycloak core
• #16443 Keycloak 19.0.1 search from UI bug keycloak admin/ui
• #16465 ElytronSessionTokenStore#logoutHttpSessions() does not work as expected due to UNDERTOW-2159 keycloak adapter/jee
• #16467 The user could not be deleted unknown_error keycloak account/api
• #16502 Hibernate 6 upgrade: Warning about missing Bean Validation provider keycloak storage
• #16513 Wrong property for events in map-storage-hot-rod on Undertow keycloak storage
• #16514 Flaky tests: DateTimeParse failures in New Account Console tests keycloak ci
• #16538 Quarkus 3: Model tests fail to finish keycloak testsuite
• #16552 JpaClientModelCriteriaBuilder doesn't work correctly with H6 keycloak storage
• #16584 Userinfo Endpoint Gives 500 (nullpointerexception) on POST request keycloak account/api
• #16586 Upgrading from keycloak 20.0.1-20.0.2+ breaks app logout keycloak oidc
• #16592 Memory leak when running the embedded server keycloak core
• #16605 http-relative-path is not working keycloak core
• #16622 Snyk workflow failing when running the checks against the Operator keycloak ci
• #16634 Hibernate Error performing load command with JDK 17 keycloak storage
• #16642 Database migrations are not transactional keycloak storage
• #16649 Fixing OfflineSessionPersistenceTest in Quarkus3 branch keycloak storage
• #16657 Flaky test: org.keycloak.common.ProfileTest#enablePreviewWithPropertiesFile & #configWithPropertiesFile keycloak ci
• #16658 Label for "Review Profile config" modal is not displayed properly in new admin console keycloak admin/api
• #16669 Flaky test: org.keycloak.testsuite.ui.account2.WelcomeScreenTest#resourcesTest keycloak ci
• #16679 Update Email Action does not properly update username if username=email is active keycloak authentication
• #16684 cannot open admin console after upgrade to 20.0.3 keycloak admin/ui
• #16693 Hibernate 6 referencing m:n association from both entities with both `joinColumns` and `inverseJoinColumns` causes interference keycloak storage
• #16705 Snyk Workflow failing due to the usage of the same category on multiple sections keycloak ci
• #16711 SAML tests in quarkus3 branch failing due to missing SAAJ factory keycloak testsuite
• #16721 Failing tests due to outdated X509Certificate request attribute name keycloak testsuite
• #16727 Keycloak 20.0.3 container does not support Java 17 keycloak dist/quarkus
• #16743 ArtifactBindingTest fails on quarkus 3 branch with ClassNotFoundException keycloak testsuite
• #16745 ISPN000559: Cannot marshall 'class org.infinispan.marshall.protostream.impl.MarshallableUserObject': java.io.NotSerializableException: org.keycloak.models.cache.infinispan.entities.NonExistentItem keycloak dist/quarkus
• #16775 Operator ignores DB vendor when using custom image. Forces h2 instead of chosen vendor. keycloak operator
• #16797 Make sure PBKDF2 providers are using the expect size for derived keys keycloak authentication
• #16801 Log message about leaked statement in JPA map storage keycloak storage
• #16804 Connection Refused on Quarkus Tests keycloak dist/quarkus
• #16818 Any tests using PhantomJS failing in some newer linux environments keycloak testsuite
• #16857 Fix `Overwriting value of clientRole field` log message keycloak storage
• #16880 Keycloak LDAPS does not find valid certification path to requested target in Production keycloak ldap
• #16899 [typing] user.listGroups typing seems incorrect keycloak admin/client-js
• #16901 Can't update user groups keycloak admin/client-js
• #16974 Trivy Workflow failing with context deadline exceeded keycloak ci
• #16988 application/x-unknown-content-type when loading admin console JS and CSS keycloak admin/ui
• #17010 Changing realm id will not update relative URLs in `account-console` client keycloak account/ui
• #17022 lastSync value into COMPONENT_CONFIG is always updated keycloak core
• #17029 File store path traversal keycloak storage
• #17141 Exception in log: Response already committed, can't be changed keycloak storage
• #17162 build failed with pom can not import keycloak ci
• #17197 Discovery document is missing mandatory fields keycloak account/api
• #17216 Link "Sign out" incorrectly hardcoded to localhost in the authz example applications keycloak testsuite
• #17833 Paging doesn't work on filtered tables keycloak admin/ui
• #17870 User profile - Button email verified doesn't appear keycloak admin/ui
• #17874 Client assertion signature configuration of identity broker is missing on new security admin console keycloak admin/ui
• #17887 User profile - Validation Options not working keycloak admin/ui
• #17914 Client Advanced Settings: Access Token Lifespan displayed as "Never expires" when realm value is used (default 1h) keycloak admin/ui
• #17919 Federation Link no longer visible for Users keycloak admin/ui
• #17920 User profile - firstName not showing keycloak admin/ui
• #17921 [Keycloak 20.0.1 ] JWKS url can't be configured keycloak admin/ui
• #17925 New admin console missing action that allows synchronizing LDAP groups to Keycloak keycloak admin/ui
• #17937 Custom User Provider SPI: MULTIVALUED_STRING_TYPE setting not being shown on ui (but saved and retrieved) keycloak admin/ui
• #17968 Azure AD Error: AADSTS90023: Unsupported 'prompt' value keycloak admin/ui
• #17974 Align user profile UI with the behavior from the old admin console keycloak user-profile