keycloak-scim/release_notes/topics/8_0_0.adoc

= Highlights

== Vault

Several configuration fields can obtain their value from
a vault instead of entering the value directly: LDAP bind password,
SMTP password, and identity provider secrets.

Furthermore, new vault SPI has been introduced to enable development
of extensions to access secrets from custom vaults.

== Messages in theme resources

Message bundles in theme resources enables internationalization of custom providers such as authenticators. They are also shared between all theme types, making it possible to for example share messages between the login and account console. Thanks to https://github.com/micedre[micedre].

== RoleMappingsProvider SPI for the SAML adapters

We have added a new SPI that allows for the configuration of custom role mappers that are used by the SAML adapters to map
the roles extracted from the SAML assertion into roles that exist in the SP application environment. This is particularly useful
when the adapters need to communicate with third party IDPs and the roles set by the IDP in the assertion do not correspond to
the roles that were defined for the SP application. The provider to be used can configured in the `keycloak-saml.xml`
file or in the `keycloak-saml` subsystem. An implementation that performs the role mappings based on the contents of a properties
file was also provided.

Notice that when {project_name} acts as the IDP we can use the built-in role mappers to perform any necessary mappings
before setting the roles into the assertion, so this SPI will probably be redundant in this case. The `RoleMappingsProvider`
SPI was designed for situations when the IDP offer no way to map roles before adding them to the assertion.

== WildFly 18 Upgrade

Keycloak server was upgraded to use WildFly 18 under the covers.

== W3C Web Authentication support

In this release, we added initial support for W3C Web Authentication (WebAuthn). There are a few limitations in current implementation,
however we are working on further improvements in this area. Thanks to https://github.com/tnorimat[tnorimat] for the contribution. Also thanks to
https://github.com/ynojima[ynojima] for the help and feedback.


= Other Improvements

== System properties and environment variables support in theme.properties

It is now possible to use system properties and environment variables within theme.properties file. Thanks to https://github.com/Opa-[Opa-]

== Support more signing algorithms for client authentication with signed JWT

Thanks to https://github.com/tnorimat[tnorimat], we support more signing algorithms for client authentication with signed JWT.

== Support enable/disable logging into the JavaScript adapter

Thanks to https://github.com/jonkoops[jonkoops] now it's possible to enable or disable logging for the JS adapter.

== Updates for Gatekeeper 

* Secure token and logout endpoint were included in Gatekeeper. Thanks to https://github.com/fredbi[fredbi]
* There was a bug on Gatekeeper which was making cookies to be applied to subdomains. Thanks to https://github.com/daniel-ac-martin[daniel-ac-martin] the issue was fixed
* Now Gatekeeper provides support to https://www.owasp.org/index.php/SameSite[Same-site cookies]. Thanks to https://github.com/fiji-flo[fiji-flo]
KEYCLOAK-11072 Document Vault SPI 2019-09-06 13:43:32 +00:00			`= Highlights`

			`== Vault`

			`Several configuration fields can obtain their value from`
			`a vault instead of entering the value directly: LDAP bind password,`
			`SMTP password, and identity provider secrets.`

			`Furthermore, new vault SPI has been introduced to enable development`
			`of extensions to access secrets from custom vaults.`
Update 8_0_0.adoc 2019-09-11 06:11:33 +00:00
			`== Messages in theme resources`

Update 8_0_0.adoc 2019-09-11 06:12:14 +00:00			`Message bundles in theme resources enables internationalization of custom providers such as authenticators. They are also shared between all theme types, making it possible to for example share messages between the login and account console. Thanks to https://github.com/micedre[micedre].`
[KEYCLOAK-7264] Add documentation for the new RoleMappingsProvider SPI 2019-08-01 04:42:11 +00:00
			`== RoleMappingsProvider SPI for the SAML adapters`

			`We have added a new SPI that allows for the configuration of custom role mappers that are used by the SAML adapters to map`
			`the roles extracted from the SAML assertion into roles that exist in the SP application environment. This is particularly useful`
			`when the adapters need to communicate with third party IDPs and the roles set by the IDP in the assertion do not correspond to`
			the roles that were defined for the SP application. The provider to be used can configured in the `keycloak-saml.xml`
			file or in the `keycloak-saml` subsystem. An implementation that performs the role mappings based on the contents of a properties
			`file was also provided.`

			`Notice that when {project_name} acts as the IDP we can use the built-in role mappers to perform any necessary mappings`
			before setting the roles into the assertion, so this SPI will probably be redundant in this case. The `RoleMappingsProvider`
			`SPI was designed for situations when the IDP offer no way to map roles before adding them to the assertion.`
Update 8_0_0.adoc 2019-10-17 12:44:12 +00:00
KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-18 09:00:36 +00:00			`== WildFly 18 Upgrade`

			`Keycloak server was upgraded to use WildFly 18 under the covers.`

Release notes for WebAuthn 2019-10-24 16:24:32 +00:00			`== W3C Web Authentication support`

			`In this release, we added initial support for W3C Web Authentication (WebAuthn). There are a few limitations in current implementation,`
			`however we are working on further improvements in this area. Thanks to https://github.com/tnorimat[tnorimat] for the contribution. Also thanks to`
			`https://github.com/ynojima[ynojima] for the help and feedback.`


Update 8_0_0.adoc 2019-10-17 12:44:12 +00:00			`= Other Improvements`

			`== System properties and environment variables support in theme.properties`

			`It is now possible to use system properties and environment variables within theme.properties file. Thanks to https://github.com/Opa-[Opa-]`
Release notes for WebAuthn 2019-10-24 16:24:32 +00:00
			`== Support more signing algorithms for client authentication with signed JWT`

			`Thanks to https://github.com/tnorimat[tnorimat], we support more signing algorithms for client authentication with signed JWT.`
Update the release notes to give credits to our contributors 2019-10-30 19:59:53 +00:00
			`== Support enable/disable logging into the JavaScript adapter`

			`Thanks to https://github.com/jonkoops[jonkoops] now it's possible to enable or disable logging for the JS adapter.`

			`== Updates for Gatekeeper`

			`* Secure token and logout endpoint were included in Gatekeeper. Thanks to https://github.com/fredbi[fredbi]`
			`* There was a bug on Gatekeeper which was making cookies to be applied to subdomains. Thanks to https://github.com/daniel-ac-martin[daniel-ac-martin] the issue was fixed`
			`* Now Gatekeeper provides support to https://www.owasp.org/index.php/SameSite[Same-site cookies]. Thanks to https://github.com/fiji-flo[fiji-flo]`