Include Account Console version 3 as a theme (#19641)

Jon Koops 2023-04-13 15:41:40 +02:00 committed by GitHub
parent ca9c6dddc1
commit a2eb619e0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 460 additions and 239 deletions


@ -44,7 +44,8 @@ public class Profile {
AUTHORIZATION("Authorization Service", Type.DEFAULT),
ACCOUNT_API("Account Management REST API", Type.DEFAULT),
ACCOUNT2("New Account Management Console", Type.DEFAULT, Feature.ACCOUNT_API),
ACCOUNT2("Account Management Console", Type.DEFAULT, Feature.ACCOUNT_API),
ACCOUNT3("New Account Management Console", Type.EXPERIMENTAL, Feature.ACCOUNT_API),
ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW),
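Review bot: `ACCOUNT3` takes over the exact label `"New Account Management Console"` that `ACCOUNT2` carried until this commit, so any output that prints the label rather than the constant name now refers to a different console depending on the server version. A label that names the version stays unambiguous when a later console arrives, e.g. `ACCOUNT3("Account Management Console version 3", Type.EXPERIMENTAL, Feature.ACCOUNT_API),`. The enum starts and ends outside the hunk, so where the label is displayed is not visible here.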


@ -70,12 +70,27 @@ public class ProfileTest {
}
Assert.assertEquals(Profile.ProfileName.DEFAULT, profile.getName());
Set<Profile.Feature> disabledFeatutes = new HashSet<>(Arrays.asList(Profile.Feature.FIPS, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DYNAMIC_SCOPES, Profile.Feature.DOCKER, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.OPENSHIFT_INTEGRATION, Profile.Feature.MAP_STORAGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL));
Set<Profile.Feature> disabledFeatures = new HashSet<>(Arrays.asList(
Profile.Feature.FIPS,
Profile.Feature.ACCOUNT3,
Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ,
Profile.Feature.DYNAMIC_SCOPES,
Profile.Feature.DOCKER,
Profile.Feature.RECOVERY_CODES,
Profile.Feature.SCRIPTS,
Profile.Feature.TOKEN_EXCHANGE,
Profile.Feature.OPENSHIFT_INTEGRATION,
Profile.Feature.MAP_STORAGE,
Profile.Feature.DECLARATIVE_USER_PROFILE,
Profile.Feature.CLIENT_SECRET_ROTATION,
Profile.Feature.UPDATE_EMAIL
));
// KERBEROS can be disabled (i.e. FIPS mode disables SunJGSS provider)
if (Profile.Feature.KERBEROS.getType() == Profile.Feature.Type.DISABLED_BY_DEFAULT) {
disabledFeatutes.add(Profile.Feature.KERBEROS);
disabledFeatures.add(Profile.Feature.KERBEROS);
}
assertEquals(profile.getDisabledFeatures(), disabledFeatutes);
assertEquals(profile.getDisabledFeatures(), disabledFeatures);
assertEquals(profile.getPreviewFeatures(), Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.OPENSHIFT_INTEGRATION, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL);
}


@ -1,3 +1,11 @@
= FIPS 140-2 support
FIPS 140-2 support in Keycloak, which was preview in the previous release, is now promoted to be officially supported.
= Experimental new Account Console
The Account Console Version 3 is now available as an experimental feature in Keycloak. This version supports custom fields created with User Profile. If you are looking to try it out and provide us with some early feedback you can enable it as follows:
```
bin/kc.sh start-dev --features=account3
```


@ -0,0 +1,10 @@
{
"themes": [
{
"name": "keycloak.v3",
"types": [
"account"
]
}
]
}


@ -0,0 +1,2 @@
parent=base
deprecatedMode=false

115
js/apps/account-ui/pom.xml Normal file

@ -0,0 +1,115 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>keycloak-js-parent</artifactId>
<groupId>org.keycloak</groupId>
<version>999.0.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<artifactId>keycloak-account-ui</artifactId>
<name>Keycloak Account UI</name>
<description>The user inferface to manage an account on the Keycloak server.</description>
<build>
<resources>
<resource>
<directory>maven-resources</directory>
</resource>
<resource>
<directory>dist</directory>
<targetPath>theme/keycloak.v3/account/resources</targetPath>
<excludes>
<exclude>index.html</exclude>
</excludes>
</resource>
</resources>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
<plugin>
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<executions>
<execution>
<id>npm-build</id>
<goals>
<goal>npm</goal>
</goals>
<configuration>
<arguments>run build --workspace=account-ui</arguments>
</configuration>
</execution>
</executions>
<configuration>
<workingDirectory>../..</workingDirectory>
</configuration>
</plugin>
<plugin>
<groupId>com.google.code.maven-replacer-plugin</groupId>
<artifactId>maven-replacer-plugin</artifactId>
<executions>
<execution>
<phase>process-resources</phase>
<goals>
<goal>replace</goal>
</goals>
</execution>
</executions>
<configuration>
<file>dist/index.html</file>
<outputFile>target/classes/theme/keycloak.v3/account/index.ftl</outputFile>
<regex>false</regex>
<replacements>
<replacement>
<token>src="./</token>
<value>src="${resourceUrl}/</value>
</replacement>
<replacement>
<token>href="./</token>
<value>href="${resourceUrl}/</value>
</replacement>
<replacement>
<token><![CDATA[</body>]]></token>
<value xml:space="preserve">
<![CDATA[
<script id="environment" type="application/json">
{
"loginRealm": "${loginRealm!"master"}",
"authServerUrl": "${authUrl}",
"resourceUrl": "${resourceUrl}",
"isRunningAsTheme": true
}
</script>
</body>
]]>
</value>
</replacement>
<replacement>
<token><![CDATA[</head>]]></token>
<value xml:space="preserve">
<![CDATA[
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${resourceUrl}/${style}" rel="stylesheet"/>
</#list>
</#if>
</head>
]]>
</value>
</replacement>
</replacements>
</configuration>
</plugin>
</plugins>
</build>
</project>
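Review bot: The `environment` script block that the replacer inserts before `</body>` interpolates `${loginRealm!"master"}`, `${authUrl}` and `${resourceUrl}` straight into JSON string literals with no JSON escaping, so a value containing a double quote, a backslash or `</script>` would yield invalid JSON or close the script element early. Whether the template engine auto-escapes this output is not visible in this file, and HTML escaping would in any case be the wrong encoding inside a script element. Encode each value for its context with FreeMarker's `?json_string` built-in, for example `"loginRealm": "${(loginRealm!"master")?json_string}",` and likewise for `authUrl` and `resourceUrl`. If auto-escaping does turn out to be active for this template, the escaped value would additionally need to bypass it.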


@ -17,4 +17,33 @@ const defaultEnvironment: Environment = {
isRunningAsTheme: false,
};
export { defaultEnvironment as environment };
// Merge the default and injected environment variables together.
const environment: Environment = {
...defaultEnvironment,
...getInjectedEnvironment(),
};
export { environment };
/**
* Extracts the environment variables that are passed if the application is running as a Keycloak theme.
* These variables are injected by Keycloak into the `index.ftl` as a script tag, the contents of which can be parsed as JSON.
*/
function getInjectedEnvironment(): Record<string, string | number | boolean> {
const element = document.getElementById("environment");
// If the element cannot be found, return an empty record.
if (!element?.textContent) {
return {};
}
// Attempt to parse the contents as JSON and return its value.
try {
return JSON.parse(element.textContent);
} catch (error) {
console.error("Unable to parse environment variables.");
}
// Otherwise, return an empty record.
return {};
}
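Review bot: `getInjectedEnvironment()` returns whatever `JSON.parse` yields, so the declared `Record<string, string | number | boolean>` is never checked at run time, and an array, a string or a nested value in the `environment` element would be spread into `environment` as-is. Because the merged object overrides `defaultEnvironment`, including the `authServerUrl` the theme template injects, the function should accept only a plain object and fall back to the empty record otherwise. The `catch` block also drops `error`; passing it to `console.error` makes a malformed injection diagnosable. The declaration of `defaultEnvironment` begins above the hunk.

```typescript
function getInjectedEnvironment(): Record<string, string | number | boolean> {
  // … unchanged: element lookup and empty-content guard …
  try {
    const parsed: unknown = JSON.parse(element.textContent);
    // Only a plain object may override the defaults; arrays, null and primitives are ignored.
    if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
      return parsed as Record<string, string | number | boolean>;
    }
  } catch (error) {
    console.error("Unable to parse environment variables.", error);
  }
  // … unchanged: empty-record fallback …
```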


@ -3,7 +3,7 @@ import "@patternfly/patternfly/patternfly-addons.css";
import { StrictMode } from "react";
import { createRoot } from "react-dom/client";
import { createBrowserRouter, RouterProvider } from "react-router-dom";
import { createHashRouter, RouterProvider } from "react-router-dom";
import { i18n } from "./i18n";
import { keycloak } from "./keycloak";
@ -18,7 +18,7 @@ await Promise.all([
i18n.init(),
]);
const router = createBrowserRouter(routes);
const router = createHashRouter(routes);
const container = document.getElementById("app");
const root = createRoot(container!);
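Review bot: The switch to `createHashRouter` in the second hunk carries no comment saying why hash routing is required, and the reason is not evident from this file. Presumably it keeps client-side routes in the URL fragment because the console is served from a theme path that the server does not route; if so, say it above the call, e.g. `// Hash routing: the theme is served from a single server path, so routes must live in the fragment.`. It is also worth confirming that the login callback handled by `keycloak` has finished with the fragment before the router reads it, since both would use `location.hash` if the adapter runs in a fragment response mode.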


@ -8,7 +8,7 @@ import {
TextVariants,
} from "@patternfly/react-core";
import { useTranslation } from "react-i18next";
import { useRouteError } from "react-router-dom";
import { isRouteErrorResponse, useRouteError } from "react-router-dom";
export const ErrorPage = () => {
const { t } = useTranslation();
@ -44,11 +44,15 @@ export const ErrorPage = () => {
);
};
function getErrorMessage(error: unknown) {
function getErrorMessage(error: unknown): string | null {
if (typeof error === "string") {
return error;
}
if (isRouteErrorResponse(error)) {
return error.error ? getErrorMessage(error.error) : null;
}
if (error instanceof Error) {
return error.message;
}
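Review bot: In the new `isRouteErrorResponse` branch of `getErrorMessage`, a route error response with no nested `error` (a plain 404, for instance) returns `null`, so the page presumably has no message to show even though the response carries a status text. Fall back to it: `return error.error ? getErrorMessage(error.error) : error.statusText || null;`. The function's remaining branches and its closing brace are outside the hunk.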


@ -16,6 +16,7 @@
<description>Parent of all JavaScript related code, sets up Node.js and NPM and installs dependencies for all projects in the workspace.</description>
<modules>
<module>apps/account-ui</module>
<module>apps/admin-ui</module>
<module>libs/keycloak-admin-client</module>
<module>libs/keycloak-js</module>


@ -224,7 +224,7 @@
<server.output.dir.version>${project.version}</server.output.dir.version>
<!-- Frontend -->
<node.version>v18.14.2</node.version>
<node.version>v18.15.0</node.version>
</properties>
<url>http://keycloak.org</url>
@ -1469,6 +1469,11 @@
<artifactId>keycloak-junit5</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-account-ui</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-ui</artifactId>


@ -348,6 +348,16 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-account-ui</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-ui</artifactId>


@ -1,116 +1,118 @@
Creates a new and optimized server image.
Usage:
kc.sh build [OPTIONS]
Creates a new and optimized server image based on the configuration options
passed to this command. Once created, the configuration will be persisted and
read during startup without having to pass them over again.
Consider running this command before running the server in production for an
optimal runtime.
Options:
-h, --help This help message.
--help-all This same help message but with additional options.
Cache:
--cache <type> Defines the cache mechanism for high-availability. By default, a 'ispn' cache
is used to create a cluster between multiple server nodes. A 'local' cache
disables clustering and is intended for development and testing purposes.
Possible values are: ispn, local. Default: ispn.
--cache-config-file <file>
Defines the file from which cache configuration should be loaded from. The
configuration file is relative to the 'conf/' directory.
--cache-stack <stack>
Define the default stack to use for cluster communication and node discovery.
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
Transaction:
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
HTTP/TLS:
--http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a
'/'. Default: /.
Health:
--health-enabled <true|false>
If the server should expose health check endpoints. If enabled, health checks
are available at the '/health', '/health/ready' and '/health/live'
endpoints. Default: false.
Metrics:
--metrics-enabled <true|false>
If the server should expose metrics. If enabled, metrics are available at the
'/metrics' endpoint. Default: false.
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
Security:
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
which is by default. This option defaults to 'non-strict' when 'fips'
feature is enabled. Possible values are: non-strict, strict. Default:
disabled.
Examples:
Change the database vendor:
$ kc.sh build --db=postgres
Enable a feature:
$ kc.sh build --features=<feature_name>
Or alternatively, enable all tech preview features:
$ kc.sh build --features=preview
Enable health endpoints:
$ kc.sh build --health-enabled=true
Enable metrics endpoints:
$ kc.sh build --metrics-enabled=true
Change the relative path:
$ kc.sh build --http-relative-path=/auth
Creates a new and optimized server image.
Usage:
kc.sh build [OPTIONS]
Creates a new and optimized server image based on the configuration options
passed to this command. Once created, the configuration will be persisted and
read during startup without having to pass them over again.
Consider running this command before running the server in production for an
optimal runtime.
Options:
-h, --help This help message.
--help-all This same help message but with additional options.
Cache:
--cache <type> Defines the cache mechanism for high-availability. By default, a 'ispn' cache
is used to create a cluster between multiple server nodes. A 'local' cache
disables clustering and is intended for development and testing purposes.
Possible values are: ispn, local. Default: ispn.
--cache-config-file <file>
Defines the file from which cache configuration should be loaded from. The
configuration file is relative to the 'conf/' directory.
--cache-stack <stack>
Define the default stack to use for cluster communication and node discovery.
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
Transaction:
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
HTTP/TLS:
--http-relative-path <path>
Set the path relative to '/' for serving resources. The path must start with a
'/'. Default: /.
Health:
--health-enabled <true|false>
If the server should expose health check endpoints. If enabled, health checks
are available at the '/health', '/health/ready' and '/health/live'
endpoints. Default: false.
Metrics:
--metrics-enabled <true|false>
If the server should expose metrics. If enabled, metrics are available at the
'/metrics' endpoint. Default: false.
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
Security:
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
which is by default. This option defaults to 'non-strict' when 'fips'
feature is enabled. Possible values are: non-strict, strict. Default:
disabled.
Examples:
Change the database vendor:
$ kc.sh build --db=postgres
Enable a feature:
$ kc.sh build --features=<feature_name>
Or alternatively, enable all tech preview features:
$ kc.sh build --features=preview
Enable health endpoints:
$ kc.sh build --health-enabled=true
Enable metrics endpoints:
$ kc.sh build --metrics-enabled=true
Change the relative path:
$ kc.sh build --http-relative-path=/auth


@ -44,18 +44,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
HTTP/TLS:


@ -69,18 +69,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:


@ -32,6 +32,8 @@ Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
@ -67,18 +69,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -232,4 +236,4 @@ Security:
Do NOT start the server using this command when deploying to production.
Use 'kc.bat start-dev --help-all' to list all available options, including
build options.
build options.


@ -132,18 +132,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:


@ -95,6 +95,8 @@ Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
@ -130,18 +132,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -295,4 +299,4 @@ Security:
Do NOT start the server using this command when deploying to production.
Use 'kc.bat start-dev --help-all' to list all available options, including
build options.
build options.


@ -75,18 +75,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:


@ -38,6 +38,8 @@ Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
@ -73,18 +75,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -242,4 +246,4 @@ By default, this command tries to update the server configuration by running a
$ kc.bat start '--optimized'
By doing that, the server should start faster based on any previous
configuration you have set when manually running the 'build' command.
configuration you have set when manually running the 'build' command.


@ -138,18 +138,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:


@ -101,6 +101,8 @@ Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
@ -136,18 +138,20 @@ Transaction:
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
client-policies, client-secret-rotation, declarative-user-profile, docker,
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
openshift-integration, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, update-email, web-authn.
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -305,4 +309,4 @@ By default, this command tries to update the server configuration by running a
$ kc.bat start '--optimized'
By doing that, the server should start faster based on any previous
configuration you have set when manually running the 'build' command.
configuration you have set when manually running the 'build' command.


@ -28,6 +28,7 @@ public interface ThemeSelectorProvider extends Provider {
String DEFAULT = "keycloak";
String DEFAULT_V2 = "keycloak.v2";
String DEFAULT_V3 = "keycloak.v3";
/**
* Return the theme name to use for the specified type
@ -43,6 +44,10 @@ public interface ThemeSelectorProvider extends Provider {
return name;
}
if ((type == Theme.Type.ACCOUNT) && Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3)) {
return DEFAULT_V3;
}
if ((type == Theme.Type.ACCOUNT) && Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2)) {
return DEFAULT_V2;
}


@ -211,6 +211,13 @@ public class ServerInfoAdminResource {
filteredNames.remove("keycloak.v2");
filteredNames.remove("rh-sso.v2");
}
boolean filterAccountV3 = (type == Theme.Type.ACCOUNT) &&
!Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3);
if (filterAccountV3) {
filteredNames.remove("keycloak.v3");
}
return filteredNames;
}
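Review bot: The new filter removes only `keycloak.v3`, while the v2 branch just above it removes both `keycloak.v2` and `rh-sso.v2`; if a product-branded v3 theme is ever shipped it would stay listed with the feature off, so a comment stating that the asymmetry is deliberate would help. The literal also duplicates `ThemeSelectorProvider.DEFAULT_V3` added in this commit, and `filteredNames.remove(ThemeSelectorProvider.DEFAULT_V3);` would keep the two in step, assuming the interface can be imported here. This filter only hides the name from the returned list; whether a realm already set to `keycloak.v3` is still served that theme when ACCOUNT3 is disabled is not visible in this hunk and is worth confirming, since the feature is marked experimental. The method starts outside the hunk.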


@ -315,8 +315,4 @@ public class DefaultThemeManager implements ThemeManager {
return providers;
}
private static boolean isAccount2Enabled() {
return Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2);
}
}


@ -205,11 +205,6 @@
<artifactId>undertow-embedded</artifactId>
<version>${undertow-embedded.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-ui</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-rest-admin-ui-ext</artifactId>


@ -48,16 +48,6 @@
<artifactId>keycloak-dependencies-server-all</artifactId>
<type>pom</type>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-ui</artifactId>
<exclusions>
<exclusion>
<groupId>*</groupId>
<artifactId>*</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-rest-admin-ui-ext</artifactId>