Include Account Console version 3 as a theme (#19641)
This commit is contained in:
parent
ca9c6dddc1
commit
a2eb619e0e
27 changed files with 460 additions and 239 deletions
|
@ -44,7 +44,8 @@ public class Profile {
|
|||
AUTHORIZATION("Authorization Service", Type.DEFAULT),
|
||||
|
||||
ACCOUNT_API("Account Management REST API", Type.DEFAULT),
|
||||
ACCOUNT2("New Account Management Console", Type.DEFAULT, Feature.ACCOUNT_API),
|
||||
ACCOUNT2("Account Management Console", Type.DEFAULT, Feature.ACCOUNT_API),
|
||||
ACCOUNT3("New Account Management Console", Type.EXPERIMENTAL, Feature.ACCOUNT_API),
|
||||
|
||||
ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW),
|
||||
|
||||
|
|
|
@ -70,12 +70,27 @@ public class ProfileTest {
|
|||
}
|
||||
|
||||
Assert.assertEquals(Profile.ProfileName.DEFAULT, profile.getName());
|
||||
Set<Profile.Feature> disabledFeatutes = new HashSet<>(Arrays.asList(Profile.Feature.FIPS, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DYNAMIC_SCOPES, Profile.Feature.DOCKER, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.OPENSHIFT_INTEGRATION, Profile.Feature.MAP_STORAGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL));
|
||||
Set<Profile.Feature> disabledFeatures = new HashSet<>(Arrays.asList(
|
||||
Profile.Feature.FIPS,
|
||||
Profile.Feature.ACCOUNT3,
|
||||
Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ,
|
||||
Profile.Feature.DYNAMIC_SCOPES,
|
||||
Profile.Feature.DOCKER,
|
||||
Profile.Feature.RECOVERY_CODES,
|
||||
Profile.Feature.SCRIPTS,
|
||||
Profile.Feature.TOKEN_EXCHANGE,
|
||||
Profile.Feature.OPENSHIFT_INTEGRATION,
|
||||
Profile.Feature.MAP_STORAGE,
|
||||
Profile.Feature.DECLARATIVE_USER_PROFILE,
|
||||
Profile.Feature.CLIENT_SECRET_ROTATION,
|
||||
Profile.Feature.UPDATE_EMAIL
|
||||
));
|
||||
|
||||
// KERBEROS can be disabled (i.e. FIPS mode disables SunJGSS provider)
|
||||
if (Profile.Feature.KERBEROS.getType() == Profile.Feature.Type.DISABLED_BY_DEFAULT) {
|
||||
disabledFeatutes.add(Profile.Feature.KERBEROS);
|
||||
disabledFeatures.add(Profile.Feature.KERBEROS);
|
||||
}
|
||||
assertEquals(profile.getDisabledFeatures(), disabledFeatutes);
|
||||
assertEquals(profile.getDisabledFeatures(), disabledFeatures);
|
||||
assertEquals(profile.getPreviewFeatures(), Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.OPENSHIFT_INTEGRATION, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
= FIPS 140-2 support
|
||||
|
||||
FIPS 140-2 support in Keycloak, which was preview in the previous release, is now promoted to be officially supported.
|
||||
|
||||
= Experimental new Account Console
|
||||
|
||||
The Account Console Version 3 is now available as an experimental feature in Keycloak. This version supports custom fields created with User Profile. If you are looking to try it out and provide us with some early feedback you can enable it as follows:
|
||||
|
||||
```
|
||||
bin/kc.sh start-dev --features=account3
|
||||
```
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
{
|
||||
"themes": [
|
||||
{
|
||||
"name": "keycloak.v3",
|
||||
"types": [
|
||||
"account"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
parent=base
|
||||
deprecatedMode=false
|
115
js/apps/account-ui/pom.xml
Normal file
115
js/apps/account-ui/pom.xml
Normal file
|
@ -0,0 +1,115 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<artifactId>keycloak-js-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>999.0.0-SNAPSHOT</version>
|
||||
<relativePath>../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-account-ui</artifactId>
|
||||
|
||||
<name>Keycloak Account UI</name>
|
||||
<description>The user inferface to manage an account on the Keycloak server.</description>
|
||||
|
||||
<build>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>maven-resources</directory>
|
||||
</resource>
|
||||
<resource>
|
||||
<directory>dist</directory>
|
||||
<targetPath>theme/keycloak.v3/account/resources</targetPath>
|
||||
<excludes>
|
||||
<exclude>index.html</exclude>
|
||||
</excludes>
|
||||
</resource>
|
||||
</resources>
|
||||
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-deploy-plugin</artifactId>
|
||||
<configuration>
|
||||
<skip>true</skip>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.github.eirslett</groupId>
|
||||
<artifactId>frontend-maven-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>npm-build</id>
|
||||
<goals>
|
||||
<goal>npm</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<arguments>run build --workspace=account-ui</arguments>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
<configuration>
|
||||
<workingDirectory>../..</workingDirectory>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>com.google.code.maven-replacer-plugin</groupId>
|
||||
<artifactId>maven-replacer-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>replace</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
<configuration>
|
||||
<file>dist/index.html</file>
|
||||
<outputFile>target/classes/theme/keycloak.v3/account/index.ftl</outputFile>
|
||||
<regex>false</regex>
|
||||
<replacements>
|
||||
<replacement>
|
||||
<token>src="./</token>
|
||||
<value>src="${resourceUrl}/</value>
|
||||
</replacement>
|
||||
<replacement>
|
||||
<token>href="./</token>
|
||||
<value>href="${resourceUrl}/</value>
|
||||
</replacement>
|
||||
<replacement>
|
||||
<token><![CDATA[</body>]]></token>
|
||||
<value xml:space="preserve">
|
||||
<![CDATA[
|
||||
<script id="environment" type="application/json">
|
||||
{
|
||||
"loginRealm": "${loginRealm!"master"}",
|
||||
"authServerUrl": "${authUrl}",
|
||||
"resourceUrl": "${resourceUrl}",
|
||||
"isRunningAsTheme": true
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
]]>
|
||||
</value>
|
||||
</replacement>
|
||||
<replacement>
|
||||
<token><![CDATA[</head>]]></token>
|
||||
<value xml:space="preserve">
|
||||
<![CDATA[
|
||||
<#if properties.styles?has_content>
|
||||
<#list properties.styles?split(' ') as style>
|
||||
<link href="${resourceUrl}/${style}" rel="stylesheet"/>
|
||||
</#list>
|
||||
</#if>
|
||||
</head>
|
||||
]]>
|
||||
</value>
|
||||
</replacement>
|
||||
</replacements>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
|
@ -17,4 +17,33 @@ const defaultEnvironment: Environment = {
|
|||
isRunningAsTheme: false,
|
||||
};
|
||||
|
||||
export { defaultEnvironment as environment };
|
||||
// Merge the default and injected environment variables together.
|
||||
const environment: Environment = {
|
||||
...defaultEnvironment,
|
||||
...getInjectedEnvironment(),
|
||||
};
|
||||
|
||||
export { environment };
|
||||
|
||||
/**
|
||||
* Extracts the environment variables that are passed if the application is running as a Keycloak theme.
|
||||
* These variables are injected by Keycloak into the `index.ftl` as a script tag, the contents of which can be parsed as JSON.
|
||||
*/
|
||||
function getInjectedEnvironment(): Record<string, string | number | boolean> {
|
||||
const element = document.getElementById("environment");
|
||||
|
||||
// If the element cannot be found, return an empty record.
|
||||
if (!element?.textContent) {
|
||||
return {};
|
||||
}
|
||||
|
||||
// Attempt to parse the contents as JSON and return its value.
|
||||
try {
|
||||
return JSON.parse(element.textContent);
|
||||
} catch (error) {
|
||||
console.error("Unable to parse environment variables.");
|
||||
}
|
||||
|
||||
// Otherwise, return an empty record.
|
||||
return {};
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@ import "@patternfly/patternfly/patternfly-addons.css";
|
|||
|
||||
import { StrictMode } from "react";
|
||||
import { createRoot } from "react-dom/client";
|
||||
import { createBrowserRouter, RouterProvider } from "react-router-dom";
|
||||
import { createHashRouter, RouterProvider } from "react-router-dom";
|
||||
|
||||
import { i18n } from "./i18n";
|
||||
import { keycloak } from "./keycloak";
|
||||
|
@ -18,7 +18,7 @@ await Promise.all([
|
|||
i18n.init(),
|
||||
]);
|
||||
|
||||
const router = createBrowserRouter(routes);
|
||||
const router = createHashRouter(routes);
|
||||
const container = document.getElementById("app");
|
||||
const root = createRoot(container!);
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ import {
|
|||
TextVariants,
|
||||
} from "@patternfly/react-core";
|
||||
import { useTranslation } from "react-i18next";
|
||||
import { useRouteError } from "react-router-dom";
|
||||
import { isRouteErrorResponse, useRouteError } from "react-router-dom";
|
||||
|
||||
export const ErrorPage = () => {
|
||||
const { t } = useTranslation();
|
||||
|
@ -44,11 +44,15 @@ export const ErrorPage = () => {
|
|||
);
|
||||
};
|
||||
|
||||
function getErrorMessage(error: unknown) {
|
||||
function getErrorMessage(error: unknown): string | null {
|
||||
if (typeof error === "string") {
|
||||
return error;
|
||||
}
|
||||
|
||||
if (isRouteErrorResponse(error)) {
|
||||
return error.error ? getErrorMessage(error.error) : null;
|
||||
}
|
||||
|
||||
if (error instanceof Error) {
|
||||
return error.message;
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
<description>Parent of all JavaScript related code, sets up Node.js and NPM and installs dependencies for all projects in the workspace.</description>
|
||||
|
||||
<modules>
|
||||
<module>apps/account-ui</module>
|
||||
<module>apps/admin-ui</module>
|
||||
<module>libs/keycloak-admin-client</module>
|
||||
<module>libs/keycloak-js</module>
|
||||
|
|
7
pom.xml
7
pom.xml
|
@ -224,7 +224,7 @@
|
|||
<server.output.dir.version>${project.version}</server.output.dir.version>
|
||||
|
||||
<!-- Frontend -->
|
||||
<node.version>v18.14.2</node.version>
|
||||
<node.version>v18.15.0</node.version>
|
||||
</properties>
|
||||
|
||||
<url>http://keycloak.org</url>
|
||||
|
@ -1469,6 +1469,11 @@
|
|||
<artifactId>keycloak-junit5</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-account-ui</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-admin-ui</artifactId>
|
||||
|
|
|
@ -348,6 +348,16 @@
|
|||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-account-ui</artifactId>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-admin-ui</artifactId>
|
||||
|
|
|
@ -1,116 +1,118 @@
|
|||
Creates a new and optimized server image.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.sh build [OPTIONS]
|
||||
|
||||
Creates a new and optimized server image based on the configuration options
|
||||
passed to this command. Once created, the configuration will be persisted and
|
||||
read during startup without having to pass them over again.
|
||||
|
||||
Consider running this command before running the server in production for an
|
||||
optimal runtime.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default, a 'ispn' cache
|
||||
is used to create a cluster between multiple server nodes. A 'local' cache
|
||||
disables clustering and is intended for development and testing purposes.
|
||||
Possible values are: ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to false, Keycloak uses a non-XA datasource in case the database does
|
||||
not support XA transactions. Default: true.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
|
||||
HTTP/TLS:
|
||||
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
Examples:
|
||||
|
||||
Change the database vendor:
|
||||
|
||||
$ kc.sh build --db=postgres
|
||||
|
||||
Enable a feature:
|
||||
|
||||
$ kc.sh build --features=<feature_name>
|
||||
|
||||
Or alternatively, enable all tech preview features:
|
||||
|
||||
$ kc.sh build --features=preview
|
||||
|
||||
Enable health endpoints:
|
||||
|
||||
$ kc.sh build --health-enabled=true
|
||||
|
||||
Enable metrics endpoints:
|
||||
|
||||
$ kc.sh build --metrics-enabled=true
|
||||
|
||||
Change the relative path:
|
||||
|
||||
$ kc.sh build --http-relative-path=/auth
|
||||
Creates a new and optimized server image.
|
||||
|
||||
Usage:
|
||||
|
||||
kc.sh build [OPTIONS]
|
||||
|
||||
Creates a new and optimized server image based on the configuration options
|
||||
passed to this command. Once created, the configuration will be persisted and
|
||||
read during startup without having to pass them over again.
|
||||
|
||||
Consider running this command before running the server in production for an
|
||||
optimal runtime.
|
||||
|
||||
Options:
|
||||
|
||||
-h, --help This help message.
|
||||
--help-all This same help message but with additional options.
|
||||
|
||||
Cache:
|
||||
|
||||
--cache <type> Defines the cache mechanism for high-availability. By default, a 'ispn' cache
|
||||
is used to create a cluster between multiple server nodes. A 'local' cache
|
||||
disables clustering and is intended for development and testing purposes.
|
||||
Possible values are: ispn, local. Default: ispn.
|
||||
--cache-config-file <file>
|
||||
Defines the file from which cache configuration should be loaded from. The
|
||||
configuration file is relative to the 'conf/' directory.
|
||||
--cache-stack <stack>
|
||||
Define the default stack to use for cluster communication and node discovery.
|
||||
This option only takes effect if 'cache' is set to 'ispn'. Default: udp.
|
||||
Possible values are: tcp, udp, kubernetes, ec2, azure, google.
|
||||
|
||||
Database:
|
||||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
|
||||
Transaction:
|
||||
|
||||
--transaction-xa-enabled <true|false>
|
||||
If set to false, Keycloak uses a non-XA datasource in case the database does
|
||||
not support XA transactions. Default: true.
|
||||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
HTTP/TLS:
|
||||
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
|
||||
Health:
|
||||
|
||||
--health-enabled <true|false>
|
||||
If the server should expose health check endpoints. If enabled, health checks
|
||||
are available at the '/health', '/health/ready' and '/health/live'
|
||||
endpoints. Default: false.
|
||||
|
||||
Metrics:
|
||||
|
||||
--metrics-enabled <true|false>
|
||||
If the server should expose metrics. If enabled, metrics are available at the
|
||||
'/metrics' endpoint. Default: false.
|
||||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
|
||||
Security:
|
||||
|
||||
--fips-mode <mode> Sets the FIPS mode. If 'non-strict' is set, FIPS is enabled but on
|
||||
non-approved mode. For full FIPS compliance, set 'strict' to run on approved
|
||||
mode. This option defaults to 'disabled' when 'fips' feature is disabled,
|
||||
which is by default. This option defaults to 'non-strict' when 'fips'
|
||||
feature is enabled. Possible values are: non-strict, strict. Default:
|
||||
disabled.
|
||||
|
||||
Examples:
|
||||
|
||||
Change the database vendor:
|
||||
|
||||
$ kc.sh build --db=postgres
|
||||
|
||||
Enable a feature:
|
||||
|
||||
$ kc.sh build --features=<feature_name>
|
||||
|
||||
Or alternatively, enable all tech preview features:
|
||||
|
||||
$ kc.sh build --features=preview
|
||||
|
||||
Enable health endpoints:
|
||||
|
||||
$ kc.sh build --health-enabled=true
|
||||
|
||||
Enable metrics endpoints:
|
||||
|
||||
$ kc.sh build --metrics-enabled=true
|
||||
|
||||
Change the relative path:
|
||||
|
||||
$ kc.sh build --http-relative-path=/auth
|
||||
|
|
|
@ -44,18 +44,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
HTTP/TLS:
|
||||
|
||||
|
|
|
@ -69,18 +69,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
|
|
@ -32,6 +32,8 @@ Database:
|
|||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
|
@ -67,18 +69,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -232,4 +236,4 @@ Security:
|
|||
Do NOT start the server using this command when deploying to production.
|
||||
|
||||
Use 'kc.bat start-dev --help-all' to list all available options, including
|
||||
build options.
|
||||
build options.
|
|
@ -132,18 +132,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
|
|
@ -95,6 +95,8 @@ Database:
|
|||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
|
@ -130,18 +132,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -295,4 +299,4 @@ Security:
|
|||
Do NOT start the server using this command when deploying to production.
|
||||
|
||||
Use 'kc.bat start-dev --help-all' to list all available options, including
|
||||
build options.
|
||||
build options.
|
|
@ -75,18 +75,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
|
|
@ -38,6 +38,8 @@ Database:
|
|||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
|
@ -73,18 +75,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -242,4 +246,4 @@ By default, this command tries to update the server configuration by running a
|
|||
$ kc.bat start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
||||
configuration you have set when manually running the 'build' command.
|
|
@ -138,18 +138,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
|
|
@ -101,6 +101,8 @@ Database:
|
|||
|
||||
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
|
||||
mysql, oracle, postgres. Default: dev-file.
|
||||
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
|
||||
driver is set accordingly to the chosen database.
|
||||
--db-password <password>
|
||||
The password of the database user.
|
||||
--db-pool-initial-size <size>
|
||||
|
@ -136,18 +138,20 @@ Transaction:
|
|||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
|
||||
client-policies, client-secret-rotation, declarative-user-profile, docker,
|
||||
dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
account2, account3, admin-api, admin-fine-grained-authz, admin2,
|
||||
authorization, ciba, client-policies, client-secret-rotation,
|
||||
declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
|
||||
js-adapter, kerberos, map-storage, openshift-integration, par, preview,
|
||||
recovery-codes, scripts, step-up-authentication, token-exchange,
|
||||
update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -305,4 +309,4 @@ By default, this command tries to update the server configuration by running a
|
|||
$ kc.bat start '--optimized'
|
||||
|
||||
By doing that, the server should start faster based on any previous
|
||||
configuration you have set when manually running the 'build' command.
|
||||
configuration you have set when manually running the 'build' command.
|
|
@ -28,6 +28,7 @@ public interface ThemeSelectorProvider extends Provider {
|
|||
|
||||
String DEFAULT = "keycloak";
|
||||
String DEFAULT_V2 = "keycloak.v2";
|
||||
String DEFAULT_V3 = "keycloak.v3";
|
||||
|
||||
/**
|
||||
* Return the theme name to use for the specified type
|
||||
|
@ -43,6 +44,10 @@ public interface ThemeSelectorProvider extends Provider {
|
|||
return name;
|
||||
}
|
||||
|
||||
if ((type == Theme.Type.ACCOUNT) && Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3)) {
|
||||
return DEFAULT_V3;
|
||||
}
|
||||
|
||||
if ((type == Theme.Type.ACCOUNT) && Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2)) {
|
||||
return DEFAULT_V2;
|
||||
}
|
||||
|
|
|
@ -211,6 +211,13 @@ public class ServerInfoAdminResource {
|
|||
filteredNames.remove("keycloak.v2");
|
||||
filteredNames.remove("rh-sso.v2");
|
||||
}
|
||||
|
||||
boolean filterAccountV3 = (type == Theme.Type.ACCOUNT) &&
|
||||
!Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3);
|
||||
|
||||
if (filterAccountV3) {
|
||||
filteredNames.remove("keycloak.v3");
|
||||
}
|
||||
|
||||
return filteredNames;
|
||||
}
|
||||
|
|
|
@ -315,8 +315,4 @@ public class DefaultThemeManager implements ThemeManager {
|
|||
return providers;
|
||||
}
|
||||
|
||||
private static boolean isAccount2Enabled() {
|
||||
return Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -205,11 +205,6 @@
|
|||
<artifactId>undertow-embedded</artifactId>
|
||||
<version>${undertow-embedded.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-admin-ui</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-rest-admin-ui-ext</artifactId>
|
||||
|
|
|
@ -48,16 +48,6 @@
|
|||
<artifactId>keycloak-dependencies-server-all</artifactId>
|
||||
<type>pom</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-admin-ui</artifactId>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>*</groupId>
|
||||
<artifactId>*</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-rest-admin-ui-ext</artifactId>
|
||||
|
|
Loading…
Reference in a new issue