Updated release notes for Keycloak 20 (#1712)

* Updated release notes for Keycloak 20

Closes #1711

* Update release_notes/topics/20_0_0.adoc
This commit is contained in:
Stian Thorgersen 2022-10-26 11:15:54 +02:00 committed by GitHub
parent e6791d7093
commit a0926e0022
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,12 +1,36 @@
= WildFly distribution removed = WildFly distribution removed
With this release, we are removing the WildFly distribution which was already deprecated for some time. In case you are still using it, see our https://www.keycloak.org/migration/migrating-to-quarkus[Migration Guide] for switching to Quarkus distribution. In Keycloak 17.0.0 the new Quarkus based distribution of Keycloak, while the WildFly based distribution was deprecated.
With this release the WildFly distribution has been removed, and is no longer supported.
With that, we are also removing the legacy Kubernetes Operator and keeping only the new Quarkus-based Operator (see below for its release notes). If you are still using the WildFly distribution we highly encourage migrating to the Quarkus distribution as soon as
possible, see the https://www.keycloak.org/migration/migrating-to-quarkus[Migration Guide] for more details.
= Allow setting a base URL when configuring the hostname = New Keycloak Operator upgrade
In this release, we are introducing two additional server options to set a base URL for front end and Admin Console URLs. We are happy to announce that the new Keycloak Operator for the Quarkus based distribution is no longer a preview
feature. We added new functionality as well as a number of improvements, some which has resulted in breaking changes.
== Realm Operator
As the new Operator currently lacks some of the CRs (e.g. Client and User), we're introducing a temporary workaround in
the form of a Realm Operator. Please see its https://github.com/keycloak/keycloak-realm-operator[GitHub Repository] for
more details. See also https://www.keycloak.org/2022/09/operator-crs["The future of Keycloak Operator CRs" blogpost].
= Supported OpenJDK versions
Keycloak now supports OpenJDK 17 both for the server and adapters.
With the removal of the WildFly based distribution there is no longer support for running the Keycloak server on OpenJDK 8.
We also plan to remove support for Keycloak adapters on OpenJDK 8 in Keycloak 21.
Starting with Keycloak 22 we plan to only support the latest OpenJDK LTS release and aiming to quickly also support the
latest OpenJDK release. That means we will be also removing OpenJDK 11 support for the Keycloak server in Keycloak 22.
= Hostname provider now supports configuring the complete base URL
In this release, we are introducing two additional server options to set the base URL for frontend request and the Admin
Console:
* `hostname-url` * `hostname-url`
* `hostname-admin-url` * `hostname-admin-url`
@ -19,24 +43,56 @@ In this release, we are making important changes to `kc.bat` to give the same ex
= Upgrade of embedded H2 database = Upgrade of embedded H2 database
{project_name} ships for development purposes with an H2 database driver. As it is intended for development purposes only, it should never be used in a production environment. {project_name} ships for development purposes with an H2 database driver. As it is intended for development purposes
only, it should never be used in a production environment.
In this release, the H2 driver has been upgraded from version 1.x to version 2.x. In this release, the H2 driver has been upgraded from version 1.x to version 2.x.
See link:{upgradingguide_link}[{upgradingguide_name}] for details on how to migrate.
= New Keycloak Operator upgrade = Feature guard for hosting the Keycloak JavaScript adapter
We are happy to announce that the new Quarkus-based Keycloak Operator is no longer a tech preview feature. We added new functionality as well as the quality of life improvements. Some of them resulted in breaking changes. Applications are able to load `keycloak.js` directly from the Keycloak server. As it's not considered a best-practice
to load JavaScript libraries this way there is now a feature guard that allows disabling this ability.
Its important to emphasize that none of these breaking changes will come into effect automatically. Please, read our link:{upgradingguide_link}[{upgradingguide_name}] for more information. In Keycloak 21 we will deprecate this option, and in Keycloak 22 we plan to completely remove the ability to load
`keycloak.js` from the Keycloak server.
== Realm Operator = OTP Application SPI
As the new Operator currently lacks some of the CRs (e.g. Client and User), we're introducing a temporary workaround in the form of Realm Operator. Please see its https://github.com/keycloak/keycloak-realm-operator[GitHub Repository] for more details. See also https://www.keycloak.org/2022/09/operator-crs["The future of Keycloak Operator CRs" blogpost]. In previous releases the list of OTP applications displayed to users was hard-coded in Keycloak. With the introduction of
the OTP Application SPI it is now possible to disable built-in OTP applications, as well as adding custom OTP Applications.
= Custom Identity Providers can now set an icon for the provider
A custom identity provider can now set the icon used on the login pages. Thanks to https://github.com/klausbetz[Klaus Betz],
who happens also to maintain
https://github.com/klausbetz/apple-identity-provider-keycloak[an extension to Keycloak to support log in with AppleID].
= Open Banking UK support
Keycloak is now compliant with Open Banking UK.
Thanks to https://github.com/tnorimat[Takashi Norimatsu] for this contribution.
= FIPS 140-2 experimental support
There is now experimental support for deploying Keycloak into a FIPS 140-2 enabled environment. There will be a blog post
with the details shortly after the release with the details how you can try it. Feedback is welcome!
Thanks to https://github.com/david-rh[David Anderson], who contributed parts of this feature. Also, thanks to
https://github.com/sudeepd[Sudeep Das] and https://github.com/isaacjensen[Isaac Jensen] for their initial prototype
effort, which was used as an inspiration.
= Search groups by attribute
It is now possible to search groups by attribute through the Admin REST API. Thanks to
https://github.com/Redhat-Alice[Alice] for this contribution.
= View group membership in the account console
It is now possible to allow users to view their group memberships in the account console. Thanks to
https://github.com/cgeorgilakis[cgeorgilakis] for this contribution.
= Deprecated methods from data providers and models were removed = Deprecated methods from data providers and models were removed
Several deprecated methods were removed from data providers and models. Several deprecated methods were removed from data providers and models. If not done already, their usage needs to be
If not done already, their usage needs to be replaced with the corresponding replaced with the corresponding replacement documented in Javadoc of Keycloak 19 release. See
replacement documented in Javadoc of Keycloak 19 release. See
link:{upgradingguide_link}[{upgradingguide_name}] for more details. link:{upgradingguide_link}[{upgradingguide_name}] for more details.