Merge branch 'main' into 31712-fix-access-token-issue-oid4vc
wistefan authored Aug 2, 2024
2 parents bff9b78 + 942d5d0 commit 2c4dd94
Showing 203 changed files with 3,493 additions and 1,456 deletions.
22 changes: 0 additions & 22 deletions docs/documentation/aggregation/pom.xml
Expand Up @@ -26,12 +26,6 @@
<version>${project.version}</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.keycloak.documentation</groupId>
<artifactId>securing-apps</artifactId>
<version>${project.version}</version>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.keycloak.documentation</groupId>
<artifactId>server-admin</artifactId>
Expand Down Expand Up @@ -107,22 +101,6 @@
</resources>
</configuration>
</execution>
<execution>
<id>copy-securing_apps</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${project.build.outputDirectory}/securing_apps/</outputDirectory>
<resources>
<resource>
<directory>../securing_apps/target/generated-docs</directory>
<include>**/**</include>
</resource>
</resources>
</configuration>
</execution>
<execution>
<id>copy-server_admin</id>
<phase>process-resources</phase>
1 change: 0 additions & 1 deletion docs/documentation/aggregation/src/index.html
Expand Up @@ -34,7 +34,6 @@
<body>
<img src="keycloak_logo.png"/>
<ul>
<li><a href="securing_apps/${masterFile}.html">Securing Apps</a></li>
<li><a href="server_admin/${masterFile}.html">Server Admin</a></li>
<li><a href="server_development/${masterFile}.html">Server Development</a></li>
<li><a href="authorization_services/${masterFile}.html">Authorization Services</a></li>
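
Review bot: the `<ul>` in index.html now has no entry for the securing apps material, so a reader of the aggregated docs has no pointer to where it went. Other hunks in this same commit still link to it through `{securing_apps_link}`, so the content exists somewhere; consider keeping an `<li>` that points at its new location instead of dropping the entry outright.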
Expand Up @@ -7,4 +7,4 @@ get started with {project_name} Authorization Services:
* {quickstartRepo_link}/tree/latest/jakarta/servlet-authz-client[Securing a JakartaEE Application in Wildfly]
* {quickstartRepo_link}/tree/latest/spring/rest-authz-resource-server[Securing a Spring Boot Application]
* link:https://quarkus.io/guides/security-keycloak-authorization[Securing Quarkus Applications]
* {adapterguide_link_nodejs_adapter}[Securing Node.js Applications]
* *Keycloak Node.js adapter* in the link:{securing_apps_link}[securing apps] section
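
Review bot: the replacement bullet for the Node.js adapter no longer matches the rest of this list. The other items are a single link whose text names the task ("Securing a Spring Boot Application"), while the new one is bold text followed by a link to the whole securing apps section, so the reader lands on a section index and has to find the adapter from there. It also hard-codes "Keycloak" where the list intro uses `{project_name}`. Suggest keeping the item as one link with task-style text and, if a deeper target is available, pointing it at the Node.js adapter page.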
2 changes: 1 addition & 1 deletion docs/documentation/build-auto.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
OPTS=$1

while true; do
CHANGED=`inotifywait -r -e modify,move,create,delete authorization_services getting_started securing_apps server_admin server_development server_installation upgrading --format %w`
CHANGED=`inotifywait -r -e modify,move,create,delete authorization_services getting_started server_admin server_development server_installation upgrading --format %w`
GUIDE=`echo $CHANGED | cut -d '/' -f 1`
mvn clean install -f $GUIDE $OPTS
done
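
Review bot: the exit status of `inotifywait` is never checked, and the directory list on the changed line is maintained by hand. If `inotifywait` fails, `CHANGED` and `GUIDE` end up empty and the `while true` loop keeps invoking `mvn clean install -f $GUIDE $OPTS` with no guide path. Suggest leaving the loop when `inotifywait` returns non-zero, and, while this line is being touched, switching the backticks to `$(...)` and quoting `"$CHANGED"` and `"$GUIDE"`.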
1 change: 0 additions & 1 deletion docs/documentation/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@
<module>header-maven-plugin</module>
<module>api_documentation</module>
<module>authorization_services</module>
<module>securing_apps</module>
<module>server_admin</module>
<module>server_development</module>
<module>release_notes</module>
2 changes: 1 addition & 1 deletion docs/documentation/release_notes/topics/11_0_0.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ please take a look at link:{upgradingguide_link_latest}[{upgradingguide_name}].
The `SameSite` value `None` for `JSESSIONID` cookie is necessary for correct behavior of the {project_name} SAML adapter.
Usage of a different value is causing resetting of the container's session with each request to {project_name}, when
the SAML POST binging is used. Refer to the following steps for
link:https://www.keycloak.org/guides#securing-apps[Keycloak SAML Galleon feature pack for WildFly and EAP] guide to keep the correct behavior. Notice, that this
link:{securing_apps_link}[Keycloak SAML Galleon feature pack for WildFly and EAP] guide to keep the correct behavior. Notice, that this
workaround should be working also with the previous versions of the adapter.

== Other improvements
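
Review bot: `{securing_apps_link}` replaces a literal URL in the link target here, but nothing in the visible diff defines that attribute. Asciidoctor leaves an undefined attribute reference in the output as written, which would turn this into a dead link, so please confirm the attribute is declared alongside `{upgradingguide_link_latest}` and the other guide links. The old target also carried the `#securing-apps` fragment; check that the new value still lands on the right place. Minor, since the paragraph is being touched: "SAML POST binging" on the context line should read "binding".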
2 changes: 1 addition & 1 deletion docs/documentation/release_notes/topics/23_0_0.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ It is being replaced by the Elytron OIDC adapter,which is included in WildFly, a
The SAML adapter for WildFly and JBoss EAP is no longer distributed as a ZIP download, but rather a Galleon feature pack,
making it easier and more seamless to install.

See the link:{adapterguide_link}[{adapterguide_name}] for the details.
See the link:{securing_apps_link}[{securing_apps_name}] for the details.

endif::[]
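
Review bot: the link text on the changed "See the link:" line uses `{securing_apps_name}`, while the other hunks in this commit that point at the same target write the literal text "securing apps". Pick one form so the guide is named consistently across the docs, preferably the attribute.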

8 changes: 8 additions & 0 deletions docs/documentation/release_notes/topics/26_0_0.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -74,3 +74,11 @@ The new `footer.ftl` template provides a `content` macro that is rendered at the
The `keycloak` login theme has been deprecated in favour of the new `keycloak.v2` and will be removed in a future version.
While it remains the default for the new realms for compatibility reasons, it is strongly recommended to switch all the
realm themes to `keycloak.v2`.

= Admin Bootstrapping and Recovery

In the past, regaining access to a {project_name} instance when all admin users were locked out was a challenging and complex process. Recognizing these challenges and aiming to significantly enhance the user experience, {project_name} now offers several straightforward methods to bootstrap a temporary admin account and recover lost admin access.

It is now possible to run the `start` or `start-dev` commands with specific options to create a temporary admin account. Additionally, a new dedicated command has been introduced, which allows users to regain admin access without hassle.

For detailed instructions and more information on this topic, refer to the link:{bootstrapadminrecovery_link}[{bootstrapadminrecovery_name}] guide.
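
Review bot: the new "Admin Bootstrapping and Recovery" section never names what it announces: "specific options" for `start`/`start-dev` and "a new dedicated command" give a reader nothing to search for. Name them here, or at least in the link text. Since this feature creates an admin account, the note should also say in one sentence what "temporary" means in practice (for example, whether the account has to be removed by hand after recovery), or state that the linked guide covers it. The heading uses a single `=`, while the 11_0_0 topic visible in this commit uses `==` for its section heading, so check the level against the other sections of this file. Phrases such as "without hassle" and "significantly enhance the user experience" can go.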
2 changes: 0 additions & 2 deletions docs/documentation/securing_apps/.asciidoctorconfig

This file was deleted.

1 change: 0 additions & 1 deletion docs/documentation/securing_apps/docinfo-footer.html

This file was deleted.

1 change: 0 additions & 1 deletion docs/documentation/securing_apps/docinfo.html

This file was deleted.

Binary file not shown.
16 changes: 0 additions & 16 deletions docs/documentation/securing_apps/index.adoc

This file was deleted.

46 changes: 0 additions & 46 deletions docs/documentation/securing_apps/pom.xml

This file was deleted.

49 changes: 0 additions & 49 deletions docs/documentation/securing_apps/topics.adoc

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

1 change: 0 additions & 1 deletion docs/documentation/securing_apps/topics/templates

This file was deleted.

Expand Up @@ -13,13 +13,13 @@ The authentication session usually expires after 30 minutes by default. The exac

As described in the previous section, a situation can involve a user who is trying to authenticate to the {project_name} server from multiple tabs of a single browser. However, when that user authenticates in one browser tab,
the other browser tabs will automatically restart the authentication. This authentication occurs due to the small javascript available on the {project_name} login pages. The restart will typically
authenticate the user in other browser tabs and redirect to clients because there is an SSO session now due to the fact that the user just successfully authenticated in first browser tab.
authenticate the user in other browser tabs and redirect to clients because there is an SSO session now due to the fact that the user just successfully authenticated in first browser tab.
Some rare exceptions exist when a user is not automatically authenticated in other browser tabs, such as for instance when using an OIDC parameter _prompt=login_ or <<_step-up-flow, step-up authentication>> requesting a stronger
authentication factor than the currently authenticated factor.

In some rare cases, it can happen that after authentication in the first browser tab, other browser tabs are not able to restart authentication because the authentication session is already
expired. In this case, the particular browser tab will redirect the error about the expired authentication session back to the client in a protocol specific way. For more details, see the corresponding sections
of link:{adapterguide_link}#_oidc-errors[OIDC documentation] and link:{adapterguide_link}#_saml-errors[SAML documentation]. When the client application receives such an error, it can immediately resubmit the OIDC/SAML authentication request to {project_name} as
of *OIDC documentation* in the link:{securing_apps_link}[securing apps] section. When the client application receives such an error, it can immediately resubmit the OIDC/SAML authentication request to {project_name} as
this should usually automatically authenticate the user due to the existing SSO session as described earlier. As a result, the end user is authenticated automatically in all browser tabs.
The link:{adapterguide_link}#_javascript_adapter[{project_name} Javascript adapter], link:{adapterguide_link}#_saml[{project_name} SAML adapter], and <<_identity_broker, {project_name} Identity provider>>
The *Keycloak JavaScript adapter* in the link:{securing_apps_link}[securing apps] section, and <<_identity_broker, {project_name} Identity provider>>
support to handle this error automatically and retry the authentication to the {project_name} server in such a case.
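
Review bot: the rewritten error-handling sentences lose more than the link target. The old text linked both `#_oidc-errors` and `#_saml-errors`; the new text mentions only "OIDC documentation", although the next sentence still talks about resubmitting an "OIDC/SAML authentication request". Likewise, the SAML adapter is dropped from the list of components that retry automatically. If SAML clients still receive this error and the SAML adapter still handles it, keep both mentions; if not, say so in the commit message. The new lines also hard-code "Keycloak JavaScript adapter" where the surrounding text uses `{project_name}`, and the pair of otherwise identical "authenticate the user in other browser tabs" lines appears to differ only in whitespace and could be left out of this commit.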