Include Account Console version 3 as a theme (#19641)

common/src/main/java/org/keycloak/common/Profile.java

@@ -44,7 +44,8 @@ public class Profile {
         AUTHORIZATION("Authorization Service", Type.DEFAULT),
 
         ACCOUNT_API("Account Management REST API", Type.DEFAULT),
-        ACCOUNT2("New Account Management Console", Type.DEFAULT, Feature.ACCOUNT_API),
+        ACCOUNT2("Account Management Console", Type.DEFAULT, Feature.ACCOUNT_API),
+        ACCOUNT3("New Account Management Console", Type.EXPERIMENTAL, Feature.ACCOUNT_API),
 
         ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW),
 

common/src/test/java/org/keycloak/common/ProfileTest.java

@@ -70,12 +70,27 @@ public class ProfileTest {
         }
 
         Assert.assertEquals(Profile.ProfileName.DEFAULT, profile.getName());
-        Set<Profile.Feature> disabledFeatutes = new HashSet<>(Arrays.asList(Profile.Feature.FIPS, Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.DYNAMIC_SCOPES, Profile.Feature.DOCKER, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.OPENSHIFT_INTEGRATION, Profile.Feature.MAP_STORAGE, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL));
+        Set<Profile.Feature> disabledFeatures = new HashSet<>(Arrays.asList(
+            Profile.Feature.FIPS,
+            Profile.Feature.ACCOUNT3,
+            Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ,
+            Profile.Feature.DYNAMIC_SCOPES,
+            Profile.Feature.DOCKER,
+            Profile.Feature.RECOVERY_CODES,
+            Profile.Feature.SCRIPTS,
+            Profile.Feature.TOKEN_EXCHANGE,
+            Profile.Feature.OPENSHIFT_INTEGRATION,
+            Profile.Feature.MAP_STORAGE,
+            Profile.Feature.DECLARATIVE_USER_PROFILE,
+            Profile.Feature.CLIENT_SECRET_ROTATION,
+            Profile.Feature.UPDATE_EMAIL
+        ));
+
         // KERBEROS can be disabled (i.e. FIPS mode disables SunJGSS provider)
         if (Profile.Feature.KERBEROS.getType() == Profile.Feature.Type.DISABLED_BY_DEFAULT) {
-            disabledFeatutes.add(Profile.Feature.KERBEROS);
+            disabledFeatures.add(Profile.Feature.KERBEROS);
         }
-        assertEquals(profile.getDisabledFeatures(), disabledFeatutes);
+        assertEquals(profile.getDisabledFeatures(), disabledFeatures);
         assertEquals(profile.getPreviewFeatures(), Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ, Profile.Feature.RECOVERY_CODES, Profile.Feature.SCRIPTS, Profile.Feature.TOKEN_EXCHANGE, Profile.Feature.OPENSHIFT_INTEGRATION, Profile.Feature.DECLARATIVE_USER_PROFILE, Profile.Feature.CLIENT_SECRET_ROTATION, Profile.Feature.UPDATE_EMAIL);
     }
 

docs/documentation/release_notes/topics/21_1_0.adoc

@@ -1,3 +1,11 @@
 = FIPS 140-2 support
 
 FIPS 140-2 support in Keycloak, which was preview in the previous release, is now promoted to be officially supported.
+
+= Experimental new Account Console 
+
+The Account Console Version 3 is now available as an experimental feature in Keycloak. This version supports custom fields created with User Profile. If you are looking to try it out and provide us with some early feedback you can enable it as follows:
+
+```
+bin/kc.sh start-dev --features=account3
+```

js/apps/account-ui/maven-resources/META-INF/keycloak-themes.json

@@ -0,0 +1,10 @@
+{
+  "themes": [
+    {
+      "name": "keycloak.v3",
+      "types": [
+        "account"
+      ]
+    }
+  ]
+}

js/apps/account-ui/maven-resources/theme/keycloak.v3/account/theme.properties

@@ -0,0 +1,2 @@
+parent=base
+deprecatedMode=false

js/apps/account-ui/pom.xml

@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <artifactId>keycloak-js-parent</artifactId>
+        <groupId>org.keycloak</groupId>
+        <version>999.0.0-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>keycloak-account-ui</artifactId>
+
+    <name>Keycloak Account UI</name>
+    <description>The user inferface to manage an account on the Keycloak server.</description>
+
+    <build>
+        <resources>
+            <resource>
+                <directory>maven-resources</directory>
+            </resource>
+            <resource>
+                <directory>dist</directory>
+                <targetPath>theme/keycloak.v3/account/resources</targetPath>
+                <excludes>
+                    <exclude>index.html</exclude>
+                </excludes>
+            </resource>
+        </resources>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <configuration>
+                    <skip>true</skip>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>com.github.eirslett</groupId>
+                <artifactId>frontend-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>npm-build</id>
+                        <goals>
+                            <goal>npm</goal>
+                        </goals>
+                        <configuration>
+                            <arguments>run build --workspace=account-ui</arguments>
+                        </configuration>
+                    </execution>
+                </executions>
+                <configuration>
+                    <workingDirectory>../..</workingDirectory>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>com.google.code.maven-replacer-plugin</groupId>
+                <artifactId>maven-replacer-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>replace</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <file>dist/index.html</file>
+                    <outputFile>target/classes/theme/keycloak.v3/account/index.ftl</outputFile>
+                    <regex>false</regex>
+                    <replacements>
+                        <replacement>
+                            <token>src="./</token>
+                            <value>src="${resourceUrl}/</value>
+                        </replacement>
+                        <replacement>
+                            <token>href="./</token>
+                            <value>href="${resourceUrl}/</value>
+                        </replacement>
+                        <replacement>
+                            <token><![CDATA[</body>]]></token>
+                            <value xml:space="preserve">
+<![CDATA[
+  <script id="environment" type="application/json">
+    {
+      "loginRealm": "${loginRealm!"master"}",
+      "authServerUrl": "${authUrl}",
+      "resourceUrl": "${resourceUrl}",
+      "isRunningAsTheme": true
+    }
+  </script>
+</body>
+]]>
+</value>
+                        </replacement>
+                        <replacement>
+                            <token><![CDATA[</head>]]></token>
+                            <value xml:space="preserve">
+<![CDATA[
+    <#if properties.styles?has_content>
+      <#list properties.styles?split(' ') as style>
+      <link href="${resourceUrl}/${style}" rel="stylesheet"/>
+      </#list>
+    </#if>
+  </head>
+]]>	
+</value>
+                        </replacement>
+                    </replacements>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

js/apps/account-ui/src/environment.ts

@@ -17,4 +17,33 @@ const defaultEnvironment: Environment = {
   isRunningAsTheme: false,
 };
 
-export { defaultEnvironment as environment };
+// Merge the default and injected environment variables together.
+const environment: Environment = {
+  ...defaultEnvironment,
+  ...getInjectedEnvironment(),
+};
+
+export { environment };
+
+/**
+ * Extracts the environment variables that are passed if the application is running as a Keycloak theme.
+ * These variables are injected by Keycloak into the `index.ftl` as a script tag, the contents of which can be parsed as JSON.
+ */
+function getInjectedEnvironment(): Record<string, string | number | boolean> {
+  const element = document.getElementById("environment");
+
+  // If the element cannot be found, return an empty record.
+  if (!element?.textContent) {
+    return {};
+  }
+
+  // Attempt to parse the contents as JSON and return its value.
+  try {
+    return JSON.parse(element.textContent);
+  } catch (error) {
+    console.error("Unable to parse environment variables.");
+  }
+
+  // Otherwise, return an empty record.
+  return {};
+}

js/apps/account-ui/src/main.tsx

@@ -3,7 +3,7 @@ import "@patternfly/patternfly/patternfly-addons.css";
 
 import { StrictMode } from "react";
 import { createRoot } from "react-dom/client";
-import { createBrowserRouter, RouterProvider } from "react-router-dom";
+import { createHashRouter, RouterProvider } from "react-router-dom";
 
 import { i18n } from "./i18n";
 import { keycloak } from "./keycloak";
@@ -18,7 +18,7 @@ await Promise.all([
   i18n.init(),
 ]);
 
-const router = createBrowserRouter(routes);
+const router = createHashRouter(routes);
 const container = document.getElementById("app");
 const root = createRoot(container!);
 

js/apps/account-ui/src/root/ErrorPage.tsx

@@ -8,7 +8,7 @@ import {
   TextVariants,
 } from "@patternfly/react-core";
 import { useTranslation } from "react-i18next";
-import { useRouteError } from "react-router-dom";
+import { isRouteErrorResponse, useRouteError } from "react-router-dom";
 
 export const ErrorPage = () => {
   const { t } = useTranslation();
@@ -44,11 +44,15 @@ export const ErrorPage = () => {
   );
 };
 
-function getErrorMessage(error: unknown) {
+function getErrorMessage(error: unknown): string | null {
   if (typeof error === "string") {
     return error;
   }
 
+  if (isRouteErrorResponse(error)) {
+    return error.error ? getErrorMessage(error.error) : null;
+  }
+
   if (error instanceof Error) {
     return error.message;
   }

js/pom.xml

@@ -16,6 +16,7 @@
     <description>Parent of all JavaScript related code, sets up Node.js and NPM and installs dependencies for all projects in the workspace.</description>
 
     <modules>
+        <module>apps/account-ui</module>
         <module>apps/admin-ui</module>
         <module>libs/keycloak-admin-client</module>
         <module>libs/keycloak-js</module>

pom.xml

@@ -224,7 +224,7 @@
         <server.output.dir.version>${project.version}</server.output.dir.version>
 
         <!-- Frontend -->
-        <node.version>v18.14.2</node.version>
+        <node.version>v18.15.0</node.version>
     </properties>
 
     <url>http://keycloak.org</url>
@@ -1469,6 +1469,11 @@
                 <artifactId>keycloak-junit5</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-account-ui</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-admin-ui</artifactId>

quarkus/runtime/pom.xml

@@ -348,6 +348,16 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-account-ui</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-admin-ui</artifactId>

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt

@@ -44,18 +44,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 HTTP/TLS:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt

@@ -44,18 +44,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 HTTP/TLS:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt

@@ -69,18 +69,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt

@@ -32,6 +32,8 @@ Database:
 
 --db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
                        mysql, oracle, postgres. Default: dev-file.
+--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
+                       driver is set accordingly to the chosen database.
 --db-password <password>
                      The password of the database user.
 --db-pool-initial-size <size>
@@ -67,18 +69,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt

@@ -132,18 +132,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt

@@ -95,6 +95,8 @@ Database:
 
 --db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
                        mysql, oracle, postgres. Default: dev-file.
+--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
+                       driver is set accordingly to the chosen database.
 --db-password <password>
                      The password of the database user.
 --db-pool-initial-size <size>
@@ -130,18 +132,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt

@@ -75,18 +75,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt

@@ -38,6 +38,8 @@ Database:
 
 --db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
                        mysql, oracle, postgres. Default: dev-file.
+--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
+                       driver is set accordingly to the chosen database.
 --db-password <password>
                      The password of the database user.
 --db-pool-initial-size <size>
@@ -73,18 +75,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt

@@ -138,18 +138,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt

@@ -101,6 +101,8 @@ Database:
 
 --db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
                        mysql, oracle, postgres. Default: dev-file.
+--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
+                       driver is set accordingly to the chosen database.
 --db-password <password>
                      The password of the database user.
 --db-pool-initial-size <size>
@@ -136,18 +138,20 @@ Transaction:
 Feature:
 
 --features <feature> Enables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 --features-disabled <feature>
                      Disables a set of one or more features. Possible values are: account-api,
-                       account2, admin-api, admin-fine-grained-authz, admin2, authorization, ciba,
+                       account2, account3, admin-api, admin-fine-grained-authz, admin2,
-                       client-policies, client-secret-rotation, declarative-user-profile, docker,
+                       authorization, ciba, client-policies, client-secret-rotation,
-                       dynamic-scopes, fips, impersonation, js-adapter, kerberos, map-storage,
+                       declarative-user-profile, docker, dynamic-scopes, fips, impersonation,
-                       openshift-integration, par, preview, recovery-codes, scripts,
+                       js-adapter, kerberos, map-storage, openshift-integration, par, preview,
-                       step-up-authentication, token-exchange, update-email, web-authn.
+                       recovery-codes, scripts, step-up-authentication, token-exchange,
+                       update-email, web-authn.
 
 Hostname:
 

server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java

@@ -28,6 +28,7 @@ public interface ThemeSelectorProvider extends Provider {
 
     String DEFAULT = "keycloak";
     String DEFAULT_V2 = "keycloak.v2";
+    String DEFAULT_V3 = "keycloak.v3";
 
     /**
      * Return the theme name to use for the specified type
@@ -43,6 +44,10 @@ public interface ThemeSelectorProvider extends Provider {
             return name;
         }
 
+        if ((type == Theme.Type.ACCOUNT) && Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3)) {
+            return DEFAULT_V3;
+        }
+
         if ((type == Theme.Type.ACCOUNT) && Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2)) {
             return DEFAULT_V2;
         }

services/src/main/java/org/keycloak/services/resources/admin/info/ServerInfoAdminResource.java

@@ -212,6 +212,13 @@ public class ServerInfoAdminResource {
             filteredNames.remove("rh-sso.v2");
         }
 
+        boolean filterAccountV3 = (type == Theme.Type.ACCOUNT) && 
+            !Profile.isFeatureEnabled(Profile.Feature.ACCOUNT3);
+
+        if (filterAccountV3) {
+            filteredNames.remove("keycloak.v3");
+        }
+        
         return filteredNames;
     }
 

services/src/main/java/org/keycloak/theme/DefaultThemeManager.java

@@ -315,8 +315,4 @@ public class DefaultThemeManager implements ThemeManager {
         return providers;
     }
 
-    private static boolean isAccount2Enabled() {
-        return Profile.isFeatureEnabled(Profile.Feature.ACCOUNT2);
-    }
-
 }

testsuite/integration-arquillian/pom.xml

@@ -205,11 +205,6 @@
                 <artifactId>undertow-embedded</artifactId>
                 <version>${undertow-embedded.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.keycloak</groupId>
-                <artifactId>keycloak-admin-ui</artifactId>
-                <version>${project.version}</version>
-            </dependency>
             <dependency>
                 <groupId>org.keycloak</groupId>
                 <artifactId>keycloak-rest-admin-ui-ext</artifactId>

testsuite/utils/pom.xml

@@ -48,16 +48,6 @@
             <artifactId>keycloak-dependencies-server-all</artifactId>
             <type>pom</type>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-admin-ui</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-rest-admin-ui-ext</artifactId>