External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Update upgrade guide about changes in how the parameter is propagated to OPs

Browse Source 
Closes #42139

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor 2025-09-22 18:15:46 -03:00
parent 9655cecf8e
commit 73ee2cb3e2
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/documentation/upgrading/topics/changes/changes-26_4_0.adoc
View File

@ -4,6 +4,14 @@
Breaking changes are identified as those that might require changes for existing users to their configurations or applications.
In minor or patch releases, {project_name} will only introduce breaking changes to fix bugs.
=== `acr_values` request parameter is not forwarded automatically to identity providers
The `acr_values` request parameter is no longer automatically forwarded to OpenID Connect identity providers during authentication.
This change enhances security by preventing unintended disclosure of authentication context information to external IDPs.
If you are relying on the `acr_values` parameter to be propagated to an identity provider, you must now explicitly set `acr_values` request parameter
to the `Forwarded query parameters` setting in the identity provider configuration.
// ------------------------ Notable changes ------------------------ //
== Notable changes