Release notes update with the core-clients contributions (#33279)

closes #32990

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
This commit is contained in:
Marek Posolda 2024-09-26 06:53:33 +02:00 committed by GitHub
parent 8f038f19dd
commit 061e74267f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -112,10 +112,49 @@ Starting with {project_name} 26, the Organizations feature is fully supported.
Now {project_name} allows configuring ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW or ECDH-ES+A256KW as the encryption key management algorithm for clients. The Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) specification introduces three new header parameters for the JWT: `epk`, `apu` and `apv`. Currently {project_name} implementation only manages the compulsory `epk` while the other two (which are optional) are never added to the header. For more information about those algorithms please refer to the link:https://datatracker.ietf.org/doc/html/rfc7518#section-4.6[JSON Web Algorithms (JWA)]. Now {project_name} allows configuring ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW or ECDH-ES+A256KW as the encryption key management algorithm for clients. The Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) specification introduces three new header parameters for the JWT: `epk`, `apu` and `apv`. Currently {project_name} implementation only manages the compulsory `epk` while the other two (which are optional) are never added to the header. For more information about those algorithms please refer to the link:https://datatracker.ietf.org/doc/html/rfc7518#section-4.6[JSON Web Algorithms (JWA)].
Also, a new key provider, `ecdh-generated`, is available to generate realm keys and support for ECDH algorithms is added into the Java KeyStore provider.
ifeval::[{project_community}==true] ifeval::[{project_community}==true]
Many thanks to https://github.com/justin-tay[Justin Tay] for the contribution. Many thanks to https://github.com/justin-tay[Justin Tay] for the contribution.
endif::[] endif::[]
= DPoP improvements
The DPoP (OAuth 2.0 Demonstrating Proof-of-Possession) preview feature has improvements. The DPoP is now supported for all grant types.
With previous releases, this feature was supported only for the `authorization_code` grant type. Support also exists for the DPoP token type on the UserInfo endpoint.
ifeval::[{project_community}==true]
Many thanks to https://github.com/Captain-P-Goldfish[Pascal Knüppel] for the contribution.
endif::[]
= Client Attribute condition in Client Policies
The condition based on the client-attribute was added into Client Policies. You can use condition to specify for the clients
with the specified client attribute having a specified value. It is possible to use either an AND or OR condition when evaluating this condition as mentioned in the documentation
for client policies.
ifeval::[{project_community}==true]
Many thanks to https://github.com/y-tabata[Yoshiyuki Tabata] for the contribution.
endif::[]
ifeval::[{project_community}==true]
= OpenID for Verifiable Credential Issuance
The OpenID for Verifiable Credential Issuance (OID4VCI) is still an experimental feature in {project_name}, but it was greatly improved in this release. You will find significant development and discussions
in the https://github.com/keycloak/kc-sig-fapi[Keycloak OAuth SIG]. Anyone from the Keycloak community is welcome to join.
Many thanks to all members of the OAuth SIG group for the participation on the development and discussions about this feature. Especially thanks to the
https://github.com/francis-pouatcha[Francis Pouatcha], https://github.com/Captain-P-Goldfish[Pascal Knüppel], https://github.com/tnorimat[Takashi Norimatsu],
https://github.com/IngridPuppet[Ingrid Kamga], https://github.com/wistefan[Stefan Wiedemann] and https://github.com/thomasdarimont[Thomas Darimont]
endif::[]
ifeval::[{project_community}==true]
= Securing Applications documentation converted into the guide format
The _Securing Applications and Services_ documentation was converted into the new format similar to the _Server Installation and Configuration_ documentation converted in the previous releases.
The documentation is now available under https://www.keycloak.org/guides[Keycloak Guides].
endif::[]
= OpenTelemetry Tracing support _(Preview)_ = OpenTelemetry Tracing support _(Preview)_
The underlying Quarkus support for OpenTelemetry Tracing has been exposed to {project_name} and allows obtaining application traces for better observability. The underlying Quarkus support for OpenTelemetry Tracing has been exposed to {project_name} and allows obtaining application traces for better observability.