keycloak-scim/release_notes/topics/21_0_0.adoc

= Old Admin Console removed

In Keycloak 19 the new admin console was graduated to the new default admin console, and the old admin console was
deprecated. In this release the old admin console has been removed completely.

= Keycloak uses Micrometer for metrics

Keycloak provides an optional a metrics endpoint which exports metrics in the Prometheus format.
In this release the implementation to provide this data switched from SmallRye to Micrometer.
Due to this change, metrics have been renamed.

See the migration guide for details.

= Hashicop Vault no longer supported

We removed the out-of-box support for Hashicorp vault in this release.

See this https://github.com/keycloak/keycloak/discussions/16446[discussion] for more details.

= SAML SP metadata changes

Prior to this release, SAML SP metadata contained the same key for both
signing and encryption use. Starting with this version of Keycloak,
we include only encryption intended realm keys for encryption use
in SP metadata. For each encryption key descriptor we also specify
the algorithm that it is supposed to be used with. The following table shows
the supported XML-Enc algorithms with the mapping to Keycloak realm keys.
See the link:{upgradingguide_link}[{upgradingguide_name}] for more details.

[cols="1,1"]
|===
|*XML-Enc algorithm*
|*Keycloak realm key algorithm*

|https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p[rsa-oaep-mgf1p]
|RSA-OAEP

|https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5[rsa-1_5]
|RSA1_5
|===

= Deprecated methods from user session provider were removed

Several deprecated methods were removed from user session provider. If not done already,
their usage needs to be replaced with the corresponding replacement documented in Javadoc
of Keycloak 20 release. See link:{upgradingguide_link}[{upgradingguide_name}] for more details.

= New storage: `IS_CLIENT_ROLE` searchable field was deprecated

The `IS_CLIENT_ROLE` searchable field from the `RoleModel` was deprecated. It
should be replaced with the `CLIENT_ID` searchable field used with the operators
`EXISTS` or `NOT_EXISTS`. See JavaDoc of Keycloak 21 for more details.
Add removal of old admin console to release notes (#1767) Closes #1766 2023-02-08 10:56:40 +00:00			`= Old Admin Console removed`

			`In Keycloak 19 the new admin console was graduated to the new default admin console, and the old admin console was`
			`deprecated. In this release the old admin console has been removed completely.`

Metrics changed from SmallRye to Micrometer keycloak/keycloak#15234 2022-12-05 10:50:56 +00:00			`= Keycloak uses Micrometer for metrics`

			`Keycloak provides an optional a metrics endpoint which exports metrics in the Prometheus format.`
			`In this release the implementation to provide this data switched from SmallRye to Micrometer.`
			`Due to this change, metrics have been renamed.`

			`See the migration guide for details.`
Remove Hashicorp Support Relates #9144 2023-01-13 13:00:28 +00:00
			`= Hashicop Vault no longer supported`

			`We removed the out-of-box support for Hashicorp vault in this release.`

Add documentation for SAML SP metadata changes in KC 21 (#1760) 2023-02-10 11:07:17 +00:00			`See this https://github.com/keycloak/keycloak/discussions/16446[discussion] for more details.`

			`= SAML SP metadata changes`

			`Prior to this release, SAML SP metadata contained the same key for both`
			`signing and encryption use. Starting with this version of Keycloak,`
			`we include only encryption intended realm keys for encryption use`
			`in SP metadata. For each encryption key descriptor we also specify`
			`the algorithm that it is supposed to be used with. The following table shows`
			`the supported XML-Enc algorithms with the mapping to Keycloak realm keys.`
			`See the link:{upgradingguide_link}[{upgradingguide_name}] for more details.`

			`[cols="1,1"]`
			`\|===`
			`\|XML-Enc algorithm`
			`\|Keycloak realm key algorithm`

			`\|https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-oaep-mgf1p[rsa-oaep-mgf1p]`
			`\|RSA-OAEP`

			`\|https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#rsa-1_5[rsa-1_5]`
			`\|RSA1_5`
Remove deprecated methods from `login-failure` area from `user-session` interface (#1772) Closes #15053 2023-02-17 12:02:36 +00:00			`\|===`

			`= Deprecated methods from user session provider were removed`

Document deprecating IS_CLIENT_ROLE searchable field (#1776) 2023-02-21 14:20:08 +00:00			`Several deprecated methods were removed from user session provider. If not done already,`
			`their usage needs to be replaced with the corresponding replacement documented in Javadoc`
			`of Keycloak 20 release. See link:{upgradingguide_link}[{upgradingguide_name}] for more details.`

			= New storage: `IS_CLIENT_ROLE` searchable field was deprecated

			The `IS_CLIENT_ROLE` searchable field from the `RoleModel` was deprecated. It
			should be replaced with the `CLIENT_ID` searchable field used with the operators
			`EXISTS` or `NOT_EXISTS`. See JavaDoc of Keycloak 21 for more details.