Update 18_0_0.adoc
This commit is contained in:
Stian Thorgersen
GitHub
parent
153293a910
commit
a4bb712ab9
1 changed files with 17 additions and 19 deletions
|
|
@ -1,6 +1,4 @@
|
|||
= Highlights
|
||||
|
||||
== New Operator preview
|
||||
= New Operator preview
|
||||
|
||||
With this release, we're introducing a brand new {project_operator} as a preview. Apart from being rewritten from
|
||||
scratch, the main user-facing change from the legacy Operator is the used {project_name} distribution – the new Operator
|
||||
|
|
@ -10,20 +8,20 @@ For details, incl. installation and migration instructions, see the https://www.
|
|||
The link:{operatorRepo_link}[legacy Operator] will receive updates until Keycloak 20 when the {project_name} WildFly
|
||||
distribution reaches EOL.
|
||||
|
||||
=== OperatorHub versioning scheme
|
||||
== OperatorHub versioning scheme
|
||||
To avoid version conflicts with the legacy Operator, the 18.0.0 version of the new Operator is released as version
|
||||
`20.0.0-alpha.1` on OperatorHub. The legacy Operator versioning scheme remains the same, i.e. it is released as 18.0.0.
|
||||
|
||||
The same pattern will apply for future {project_name} 18 and 19 releases, until version 20 where the legacy Operator
|
||||
reaches EOL.
|
||||
|
||||
== New Admin Console preview
|
||||
= New Admin Console preview
|
||||
|
||||
The new Admin Console is now graduated to preview, with the plan for it to become the default admin console in Keycloak 19.
|
||||
|
||||
If you find any issues with the new console, or have some suggestions for improvements, please let us know through https://github.com/keycloak/keycloak/discussions/categories/new-admin-console[GitHub Discussions].
|
||||
|
||||
== Step-up authentication
|
||||
= Step-up authentication
|
||||
|
||||
{project_name} now supports Step-up authentication. This feature was added in Keycloak 17, and was further polished in this version.
|
||||
|
||||
|
|
@ -31,17 +29,17 @@ For more details, see link:{adminguide_link}#_step-up-flow[{adminguide_name}].
|
|||
|
||||
Thanks to https://github.com/CorneliaLahnsteiner[Cornelia Lahnsteiner] and https://github.com/romge[Georg Romstorfer] for the contribution.
|
||||
|
||||
== Client secret rotation
|
||||
= Client secret rotation
|
||||
|
||||
{project_name} now supports Client Secret Rotation through customer policies. This feature is now available as a preview feature and allows that confidential clients can be provided with realm policies allowing the use up to two secrets simultaneously.
|
||||
|
||||
For more details, see link:{adminguide_link}#_secret_rotation[{adminguide_name}].
|
||||
|
||||
== Recovery Codes
|
||||
= Recovery Codes
|
||||
|
||||
Recovery Codes as another way to do two-factor authentication is now available as a preview feature.
|
||||
|
||||
== OpenID Connect Logout Improvements
|
||||
= OpenID Connect Logout Improvements
|
||||
|
||||
Some fixes and improvements were made to make sure that {project_name} is now fully compliant with all the OpenID Connect logout specifications:
|
||||
|
||||
|
|
@ -52,7 +50,7 @@ Some fixes and improvements were made to make sure that {project_name} is now fu
|
|||
|
||||
For more details, see link:{adminguide_link}#_oidc-logout[{adminguide_name}].
|
||||
|
||||
== WebAuthn improvements
|
||||
= WebAuthn improvements
|
||||
|
||||
{project_name} now supports WebAuthn id-less authentication. This feature allows that WebAuthn Security Key will identify the user during authentication as long as the
|
||||
security key supports Resident Keys. For more details, see link:{adminguide_link}#_webauthn_loginless[{adminguide_name}].
|
||||
|
|
@ -60,7 +58,7 @@ Thanks to https://github.com/vanrar68[Joaquim Fellmann] for the contribution.
|
|||
|
||||
There are more WebAuthn improvements and fixes in addition to that.
|
||||
|
||||
== The deprecated `upload-script` feature was removed
|
||||
= The deprecated `upload-script` feature was removed
|
||||
|
||||
The `upload-script` feature has been marked as deprecated for a very long time. In this release, it was completely removed, and it is no longer supported.
|
||||
|
||||
|
|
@ -73,27 +71,27 @@ If you are using any of these capabilities:
|
|||
You should consider reading this https://www.keycloak.org/docs/latest/server_development/#_script_providers[documentation] in order to understand how to still rely
|
||||
on these capabilities but deploying your scripts to the server rather than managing them through the management interfaces.
|
||||
|
||||
== Session limits
|
||||
= Session limits
|
||||
|
||||
{project_name} now supports limits on the number of sessions a user can have. Limits can be placed at the realm level or at the client level.
|
||||
|
||||
For more details, see link:{adminguide_link}#_user_session_limits[{adminguide_name}].
|
||||
Thanks to https://github.com/mfdewit[Mauro de Wit] for the contribution.
|
||||
|
||||
== SAML ECP Profile is disabled by default
|
||||
= SAML ECP Profile is disabled by default
|
||||
|
||||
To mitigate the risk of abusing SAML ECP Profile, {project_name} now blocks
|
||||
this flow for all SAML clients that do not allow it explicitly. The profile
|
||||
can be enabled using _Allow ECP Flow_ flag within client configuration,
|
||||
see link:{adminguide_link}#_client-saml-configuration[{adminguide_name}].
|
||||
|
||||
== Quarkus distribution
|
||||
= Quarkus distribution
|
||||
|
||||
=== Import realms at startup
|
||||
== Import realms at startup
|
||||
|
||||
The {project_name} Quarkus distribution now supports importing your realms directly at start-up. For more information, check the corresponding https://www.keycloak.org/server/importExport[guide].
|
||||
|
||||
=== JSON and File Logging improvements
|
||||
== JSON and File Logging improvements
|
||||
|
||||
The {project_name} Quarkus distribution now initially supports logging to a File and logging structured data using JSON.
|
||||
|
||||
|
|
@ -105,14 +103,14 @@ The {project_name} Quarkus distribution now supports expanding values in keycloa
|
|||
|
||||
For more information, check the corresponding https://www.keycloak.org/server/configuration[guide].
|
||||
|
||||
=== New Option db-url-port
|
||||
== New Option db-url-port
|
||||
|
||||
You can now change the port of your jdbc connection string explicitly by setting the new `db-url-port` configuration option. As for the other convenience options, this option will be overridden by the value of a full `db-url`, if set.
|
||||
|
||||
=== Split metrics-enabled option into health-enabled and metrics-enabled
|
||||
== Split metrics-enabled option into health-enabled and metrics-enabled
|
||||
The `metrics-enabled` option now only enables the metrics for {project_name}. To enable the readiness and liveness probe, there's the new build option `health-enabled`. This allows more fine-grained usage of these options.
|
||||
|
||||
== Other improvements
|
||||
= Other improvements
|
||||
|
||||
* Account console alignments with latest PatternFly release.
|
||||
* Support for encrypted User Info endpoint response. Thanks to https://github.com/giacomoa[Giacomo Altiero]
|
||||
|
|
|
|||
Loading…
Reference in a new issue