2018-01-31 09:23:33 +00:00
|
|
|
[[profiles]]
|
2016-12-20 08:17:53 +00:00
|
|
|
|
|
|
|
== Profiles
|
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
There are features in {project_name} that are not enabled by default, these include features that are not fully
|
|
|
|
supported. In addition there are some features that are enabled by default, but that can be disabled.
|
2017-08-30 05:24:43 +00:00
|
|
|
|
|
|
|
The features that can be enabled and disabled are:
|
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
[cols="4*", options="header"]
|
2017-08-30 05:24:43 +00:00
|
|
|
|===
|
|
|
|
|Name
|
|
|
|
|Description
|
|
|
|
|Enabled by default
|
2018-12-04 17:59:38 +00:00
|
|
|
|Support level
|
2017-08-30 05:24:43 +00:00
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
|account2
|
|
|
|
|New Account Management Console
|
2021-04-29 09:31:22 +00:00
|
|
|
|Yes
|
|
|
|
|Supported
|
2018-12-04 17:59:38 +00:00
|
|
|
|
|
|
|
|account_api
|
|
|
|
|Account Management REST API
|
2021-04-29 09:31:22 +00:00
|
|
|
|Yes
|
|
|
|
|Supported
|
2018-12-04 17:59:38 +00:00
|
|
|
|
|
|
|
|admin_fine_grained_authz
|
|
|
|
|Fine-Grained Admin Permissions
|
|
|
|
|No
|
|
|
|
|Preview
|
|
|
|
|
2021-04-30 08:04:54 +00:00
|
|
|
|ciba
|
|
|
|
|OpenID Connect Client Initiated Backchannel Authentication (CIBA)
|
2021-07-29 11:52:21 +00:00
|
|
|
|Yes
|
|
|
|
|Supported
|
2021-04-30 08:04:54 +00:00
|
|
|
|
2021-04-29 09:31:22 +00:00
|
|
|
|client_policies
|
|
|
|
|Add client configuration policies
|
2021-06-03 13:51:41 +00:00
|
|
|
|Yes
|
|
|
|
|Supported
|
2021-04-29 09:31:22 +00:00
|
|
|
|
2022-04-19 11:59:25 +00:00
|
|
|
|client_secret_rotation
|
|
|
|
|Enables client secret rotation for confidential clients
|
|
|
|
|Yes
|
|
|
|
|Preview
|
|
|
|
|
2021-07-29 11:52:21 +00:00
|
|
|
|par
|
|
|
|
|OAuth 2.0 Pushed Authorization Requests (PAR)
|
|
|
|
|Yes
|
|
|
|
|Supported
|
|
|
|
|
2021-06-07 21:59:47 +00:00
|
|
|
|declarative_user_profile
|
|
|
|
|Configure user profiles using a declarative style
|
|
|
|
|No
|
|
|
|
|Preview
|
|
|
|
|
2017-08-30 05:24:43 +00:00
|
|
|
|docker
|
|
|
|
|Docker Registry protocol
|
|
|
|
|No
|
2018-12-04 17:59:38 +00:00
|
|
|
|Supported
|
2017-08-30 05:24:43 +00:00
|
|
|
|
|
|
|
|impersonation
|
|
|
|
|Ability for admins to impersonate users
|
|
|
|
|Yes
|
2018-12-04 17:59:38 +00:00
|
|
|
|Supported
|
|
|
|
|
|
|
|
|openshift_integration
|
|
|
|
|Extension to enable securing OpenShift
|
|
|
|
|No
|
|
|
|
|Preview
|
2017-08-30 05:24:43 +00:00
|
|
|
|
2022-03-08 15:02:42 +00:00
|
|
|
|recovery_codes
|
|
|
|
|Recovery codes for authentication
|
|
|
|
|No
|
|
|
|
|Preview
|
|
|
|
|
2019-03-06 12:08:14 +00:00
|
|
|
|scripts
|
2017-08-30 05:24:43 +00:00
|
|
|
|Write custom authenticators using JavaScript
|
2019-03-06 12:08:14 +00:00
|
|
|
|No
|
2018-12-04 17:59:38 +00:00
|
|
|
|Preview
|
2016-12-20 08:17:53 +00:00
|
|
|
|
2022-03-03 17:23:23 +00:00
|
|
|
|step_up_authentication
|
|
|
|
|Step-up authentication
|
|
|
|
|Yes
|
|
|
|
|Supported
|
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
|token_exchange
|
|
|
|
|Token Exchange Service
|
|
|
|
|No
|
|
|
|
|Preview
|
2019-11-01 12:09:56 +00:00
|
|
|
|
|
|
|
|upload_scripts
|
2021-07-12 11:38:03 +00:00
|
|
|
|Upload scripts
|
2019-11-01 12:09:56 +00:00
|
|
|
|No
|
|
|
|
|Deprecated
|
2020-02-24 09:05:22 +00:00
|
|
|
|
|
|
|
|web_authn
|
|
|
|
|W3C Web Authentication (WebAuthn)
|
|
|
|
|Yes
|
2022-03-10 15:08:31 +00:00
|
|
|
|Supported
|
2021-04-26 04:11:45 +00:00
|
|
|
|
2022-05-09 16:51:26 +00:00
|
|
|
|update_email
|
|
|
|
|Update Email Workflow
|
|
|
|
|No
|
|
|
|
|Preview
|
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
|===
|
2016-12-20 08:17:53 +00:00
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
To enable all preview features start the server with:
|
2016-12-20 08:17:53 +00:00
|
|
|
|
|
|
|
[source]
|
|
|
|
----
|
|
|
|
bin/standalone.sh|bat -Dkeycloak.profile=preview
|
|
|
|
----
|
|
|
|
|
|
|
|
You can set this permanently by creating the file `standalone/configuration/profile.properties`
|
|
|
|
(or `domain/servers/server-one/configuration/profile.properties` for `server-one` in domain mode). Add the following to
|
|
|
|
the file:
|
|
|
|
|
|
|
|
[source]
|
|
|
|
----
|
|
|
|
profile=preview
|
|
|
|
----
|
|
|
|
|
2017-08-30 05:24:43 +00:00
|
|
|
To enable a specific feature start the server with:
|
|
|
|
|
|
|
|
[source]
|
|
|
|
----
|
2017-11-13 10:01:35 +00:00
|
|
|
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled
|
2017-08-30 05:24:43 +00:00
|
|
|
----
|
|
|
|
|
|
|
|
For example to enable Docker use `-Dkeycloak.profile.feature.docker=enabled`.
|
|
|
|
|
2016-12-20 08:17:53 +00:00
|
|
|
You can set this permanently in the `profile.properties` file by adding:
|
|
|
|
|
|
|
|
[source]
|
|
|
|
----
|
2018-12-04 17:59:38 +00:00
|
|
|
feature.docker=enabled
|
2016-12-20 08:17:53 +00:00
|
|
|
----
|
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
To disable a specific feature start the server with:
|
2016-12-20 08:17:53 +00:00
|
|
|
|
|
|
|
[source]
|
|
|
|
----
|
2018-12-04 17:59:38 +00:00
|
|
|
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled
|
2016-12-20 08:17:53 +00:00
|
|
|
----
|
|
|
|
|
2018-12-04 17:59:38 +00:00
|
|
|
For example to disable Impersonation use `-Dkeycloak.profile.feature.impersonation=disabled`.
|
2016-12-20 08:17:53 +00:00
|
|
|
|
|
|
|
You can set this permanently in the `profile.properties` file by adding:
|
|
|
|
|
|
|
|
[source]
|
|
|
|
----
|
2018-12-04 17:59:38 +00:00
|
|
|
feature.impersonation=disabled
|
2019-03-06 12:08:14 +00:00
|
|
|
----
|