fix: adds hostname:v1 (#26003)

closes: #25336

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

common/src/main/java/org/keycloak/common/Profile.java

@@ -28,6 +28,7 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -104,10 +105,14 @@ public class Profile {
         MULTI_SITE("Multi-site support", Type.PREVIEW),
 
         OFFLINE_SESSION_PRELOADING("Offline session preloading", Type.DEPRECATED),
+        HOSTNAME_V1("Hostname Options V1", Type.DEFAULT),
+        //HOSTNAME_V2("Hostname Options V2", Type.DEFAULT, 2),
         ;
 
         private final Type type;
         private final String label;
+        private final String unversionedKey;
+        private final String key;
 
         private Set<Feature> dependencies;
         private int version;
@@ -123,8 +128,14 @@ public class Profile {
             this.label = label;
             this.type = type;
             this.version = version;
-            if (this.version > 1 && !this.name().endsWith("_V" + version)) {
+            this.key = name().toLowerCase().replaceAll("_", "-");
-                throw new IllegalStateException("It is expected that the enum name ends with the version");
+            if (this.name().endsWith("_V" + version)) {
+                unversionedKey = key.substring(0, key.length() - (String.valueOf(version).length() + 2));
+            } else {
+                this.unversionedKey = key;
+                if (this.version > 1) {
+                    throw new IllegalStateException("It is expected that the enum name ends with the version");
+                }
             }
             this.dependencies = Arrays.stream(dependencies).collect(Collectors.toSet());
         }
@@ -136,7 +147,7 @@ public class Profile {
          * {@link #getVersionedKey()} should instead be shown to users where possible.
          */
         public String getKey() {
-            return name().toLowerCase().replaceAll("_", "-");
+            return key;
         }
 
         /**
@@ -144,11 +155,7 @@ public class Profile {
          * will share this key.
          */
         public String getUnversionedKey() {
-            String key = getKey();
+            return unversionedKey;
-            if (version == 1) {
-                return key;
-            }
-            return key.substring(0, key.length() - (String.valueOf(version).length() + 2));
         }
 
         /**
@@ -195,6 +202,8 @@ public class Profile {
         }
     }
 
+    private static final Set<String> ESSENTIAL_FEATURES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(Feature.HOSTNAME_V1.getUnversionedKey())));
+
     private static final Logger logger = Logger.getLogger(Profile.class);
 
     private static Profile CURRENT;
@@ -220,6 +229,8 @@ public class Profile {
             Feature enabledFeature = null;
             if (unversionedConfig == FeatureConfig.ENABLED) {
                 enabledFeature = entry.getValue().iterator().next();
+            } else if (unversionedConfig == FeatureConfig.DISABLED && ESSENTIAL_FEATURES.contains(unversionedFeature)) {
+                throw new ProfileException(String.format("Feature %s cannot be disabled.", unversionedFeature));
             }
 
             // now check each feature version to ensure consistency and select any features enabled by default
@@ -317,6 +328,10 @@ public class Profile {
         return Collections.unmodifiableSet(getOrderedFeatures().keySet());
     }
 
+    public static Set<String> getDisableableUnversionedFeatureNames() {
+        return getOrderedFeatures().keySet().stream().filter(f -> !ESSENTIAL_FEATURES.contains(f)).collect(Collectors.toSet());
+    }
+
     /**
      * Get all of the feature versions for the given feature. They will be ordered by priority.
      * <p>

quarkus/config-api/src/main/java/org/keycloak/config/FeatureOptions.java

@@ -25,16 +25,16 @@ public class FeatureOptions {
             .buildTime(true)
             .build();
 
-    public static List<String> getFeatureValues(boolean includeVersions) {
+    public static List<String> getFeatureValues(boolean toEnable) {
         List<String> features = new ArrayList<>();
 
-        if (includeVersions) {
+        if (toEnable) {
             Profile.getAllUnversionedFeatureNames().forEach(f -> {
                 features.add(f + "[:" + Profile.getFeatureVersions(f).stream().sorted().map(v -> "v" + v.getVersion())
                         .collect(Collectors.joining(",")) + "]");
             });
         } else {
-            features.addAll(Profile.getAllUnversionedFeatureNames());
+            features.addAll(Profile.getDisableableUnversionedFeatureNames());
         }
 
         features.add(Profile.Feature.Type.PREVIEW.name().toLowerCase());

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/hostname/DefaultHostnameProvider.java

@@ -37,6 +37,8 @@ import java.util.function.Function;
 import jakarta.ws.rs.core.UriInfo;
 import org.jboss.logging.Logger;
 import org.keycloak.Config;
+import org.keycloak.common.Profile;
+import org.keycloak.common.Profile.Feature;
 import org.keycloak.common.enums.SslRequired;
 import org.keycloak.common.util.Resteasy;
 import org.keycloak.config.HostnameOptions;
@@ -44,11 +46,12 @@ import org.keycloak.config.ProxyOptions;
 import org.keycloak.config.ProxyOptions.Mode;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
+import org.keycloak.provider.EnvironmentDependentProviderFactory;
 import org.keycloak.urls.HostnameProvider;
 import org.keycloak.urls.HostnameProviderFactory;
 import org.keycloak.urls.UrlType;
 
-public final class DefaultHostnameProvider implements HostnameProvider, HostnameProviderFactory {
+public final class DefaultHostnameProvider implements HostnameProvider, HostnameProviderFactory, EnvironmentDependentProviderFactory {
 
     private static final Logger LOGGER = Logger.getLogger(DefaultHostnameProvider.class);
     private static final String REALM_URI_SESSION_ATTRIBUTE = DefaultHostnameProvider.class.getName() + ".realmUrl";
@@ -354,4 +357,9 @@ public final class DefaultHostnameProvider implements HostnameProvider, Hostname
 
         return defaultValue;
     }
+
+    @Override
+    public boolean isSupported() {
+        return Profile.isFeatureEnabled(Feature.HOSTNAME_V1);
+    }
 }

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt

@@ -51,11 +51,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt

@@ -36,6 +36,8 @@ Database:
 
 --db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
                        mysql, oracle, postgres. Default: dev-file.
+--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
+                       driver is set accordingly to the chosen database.
 
 Transaction:
 
@@ -49,11 +51,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt

@@ -60,11 +60,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt

@@ -60,11 +60,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt

@@ -60,11 +60,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt

@@ -60,11 +60,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt

@@ -76,11 +76,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt

@@ -76,18 +76,19 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], par[:v1], preview,
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn[:v1].
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,
                        authorization, ciba, client-policies, client-secret-rotation, device-flow,
                        docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos,
-                       linkedin-oauth, multi-site, par, preview, recovery-codes, scripts,
+                       linkedin-oauth, multi-site, offline-session-preloading, par, preview,
-                       step-up-authentication, token-exchange, transient-users, update-email,
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
-                       web-authn.
+                       transient-users, update-email, web-authn.
 
 Hostname:
 
@@ -275,5 +276,5 @@ Security:
 
 Do NOT start the server using this command when deploying to production.
 
-Use 'kc.bat start-dev --help-all' to list all available options, including 
+Use 'kc.bat start-dev --help-all' to list all available options, including build
-build options.
+options.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt

@@ -76,11 +76,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt

@@ -76,18 +76,19 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], par[:v1], preview,
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn[:v1].
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,
                        authorization, ciba, client-policies, client-secret-rotation, device-flow,
                        docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos,
-                       linkedin-oauth, multi-site, par, preview, recovery-codes, scripts,
+                       linkedin-oauth, multi-site, offline-session-preloading, par, preview,
-                       step-up-authentication, token-exchange, transient-users, update-email,
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
-                       web-authn.
+                       transient-users, update-email, web-authn.
 
 Hostname:
 
@@ -275,5 +276,5 @@ Security:
 
 Do NOT start the server using this command when deploying to production.
 
-Use 'kc.bat start-dev --help-all' to list all available options, including
+Use 'kc.bat start-dev --help-all' to list all available options, including build
-build options.
+options.

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt

@@ -77,11 +77,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt

@@ -77,18 +77,19 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], par[:v1], preview,
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn[:v1].
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,
                        authorization, ciba, client-policies, client-secret-rotation, device-flow,
                        docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos,
-                       linkedin-oauth, multi-site, par, preview, recovery-codes, scripts,
+                       linkedin-oauth, multi-site, offline-session-preloading, par, preview,
-                       step-up-authentication, token-exchange, transient-users, update-email,
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
-                       web-authn.
+                       transient-users, update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt

@@ -77,11 +77,11 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
-                       update-email[:v1], web-authn[:v1].
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt

@@ -77,18 +77,19 @@ Feature:
                        account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
                        admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
                        client-secret-rotation[:v1], device-flow[:v1], docker[:v1], dpop[:v1],
-                       dynamic-scopes[:v1], fips[:v1], impersonation[:v1], js-adapter[:v1], kerberos
+                       dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation[:v1], js-adapter
-                       [:v1], linkedin-oauth[:v1], multi-site[:v1], par[:v1], preview,
+                       [:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
-                       recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1],
+                       offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
-                       token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn[:v1].
+                       scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
+                       transient-users[:v1], update-email[:v1], web-authn[:v1].
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
                        account2, account3, admin-api, admin-fine-grained-authz, admin2,
                        authorization, ciba, client-policies, client-secret-rotation, device-flow,
                        docker, dpop, dynamic-scopes, fips, impersonation, js-adapter, kerberos,
-                       linkedin-oauth, multi-site, par, preview, recovery-codes, scripts,
+                       linkedin-oauth, multi-site, offline-session-preloading, par, preview,
-                       step-up-authentication, token-exchange, transient-users, update-email,
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
-                       web-authn.
+                       transient-users, update-email, web-authn.
 
 Hostname:
 

server-spi-private/src/main/java/org/keycloak/provider/EnvironmentDependentProviderFactory.java

@@ -31,7 +31,10 @@ public interface EnvironmentDependentProviderFactory {
      * @return <code>true</code> if the provider is supported and should be available, <code>false</code> otherwise
      * @deprecated Prefer overriding/using the {@link #isSupported(Config.Scope)} method.
      */
-    boolean isSupported();
+    @Deprecated
+    default boolean isSupported() {
+        return false;
+    }
 
     /**
      * An alternative to {@link #isSupported()} method to check if the provider is supported based on the