libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Add new version of Welcome theme based on PatternFly 5 (#23008)

Browse source
This commit is contained in:
Jon Koops 2023-09-14 14:24:17 +02:00 committed by GitHub
parent 86c0e338d9
commit bcab75a7ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
38 changed files with 2949 additions and 1817 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.github/dependabot.yml vendored
View file

@ -22,6 +22,17 @@ updates:
labels:
- area/dependencies
- team/ui
- package-ecosystem: npm
directory: /themes/src/main/resources/theme/keycloak.v2/welcome
schedule:
interval: daily
time: "00:00"
timezone: Etc/GMT
open-pull-requests-limit: 999
rebase-strategy: disabled
labels:
- area/dependencies
- team/ui
- package-ecosystem: npm
directory: js
open-pull-requests-limit: 999

2
.github/workflows/js-ci.yml vendored
View file

@ -49,7 +49,7 @@ jobs:
- name: Build Keycloak
run: |
./mvnw clean install --batch-mode --errors -DskipTests -DskipTestsuite -DskipExamples -DskipAccount2 -DskipCommon -Pdistribution
./mvnw clean install --batch-mode --errors -DskipTests -DskipTestsuite -DskipExamples -DskipAccount2 -DskipWelcome2 -DskipCommon -Pdistribution
mv ./quarkus/dist/target/keycloak-999.0.0-SNAPSHOT.tar.gz ./keycloak-999.0.0-SNAPSHOT.tar.gz
- name: Upload Keycloak dist

2
common/src/main/java/org/keycloak/common/Profile.java
View file

@ -63,6 +63,8 @@ public class Profile {
WEB_AUTHN("W3C Web Authentication (WebAuthn)", Type.DEFAULT),
LEGACY_WELCOME("Disables the new 'welcome' theme, and restores the legacy version.", Type.DEPRECATED),
CLIENT_POLICIES("Client configuration policies", Type.DEFAULT),
CIBA("OpenID Connect Client Initiated Backchannel Authentication (CIBA)", Type.DEFAULT),

1
common/src/test/java/org/keycloak/common/ProfileTest.java
View file

@ -80,6 +80,7 @@ public class ProfileTest {
Profile.Feature.RECOVERY_CODES,
Profile.Feature.SCRIPTS,
Profile.Feature.TOKEN_EXCHANGE,
Profile.Feature.LEGACY_WELCOME,
Profile.Feature.MAP_STORAGE,
Profile.Feature.DECLARATIVE_USER_PROFILE,
Profile.Feature.CLIENT_SECRET_ROTATION,

3
quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/HostnameDistTest.java vendored
View file

@ -24,6 +24,7 @@ import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.keycloak.it.junit5.extension.DistributionTest;
import org.keycloak.it.junit5.extension.RawDistOnly;
import org.keycloak.it.junit5.extension.WithEnvVars;
import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
import org.keycloak.quarkus.runtime.services.resources.DebugHostnameSettingsResource;
@ -107,6 +108,7 @@ public class HostnameDistTest {
}
@Test
@WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" })
@Launch({ "start", "--hostname=mykeycloak.org", "--hostname-port=8543" })
public void testWelcomePageAdminUrl() {
Assert.assertTrue(when().get("http://mykeycloak.org:8080").asString().contains("http://mykeycloak.org:8080/admin/"));
@ -172,6 +174,7 @@ public class HostnameDistTest {
}
@Test
@WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" })
@Launch({ "start", "--proxy=edge", "--hostname=mykeycloak.org", "--hostname-admin-url=http://mykeycloakadmin.org:1234" })
public void testAdminUrl() {
Assert.assertTrue(when().get("https://mykeycloak.org:8443").asString().contains("http://mykeycloakadmin.org:1234/admin/"));

2
quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ProxyDistTest.java vendored
View file

@ -26,6 +26,7 @@ import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.keycloak.it.junit5.extension.DistributionTest;
import org.keycloak.it.junit5.extension.RawDistOnly;
import org.keycloak.it.junit5.extension.WithEnvVars;
import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
import io.quarkus.test.junit.main.Launch;
@ -56,6 +57,7 @@ public class ProxyDistTest {
}
@Test
@WithEnvVars({ "KEYCLOAK_ADMIN", "admin", "KEYCLOAK_ADMIN_PASSWORD", "admin" })
@Launch({ "start-dev", "--hostname=mykeycloak.org", "--proxy=edge" })
public void testForwardedHeadersWithEdge() {
given().header("Forwarded", "for=12.34.56.78;host=test:1234;proto=https, for=23.45.67.89").when().get("http://mykeycloak.org:8080").then().body(containsString("https://test:1234/admin"));

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.unix.approved.txt vendored
View file

@ -48,16 +48,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
HTTP/TLS:

10
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testBuildHelp.windows.approved.txt vendored
View file

@ -48,16 +48,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
HTTP/TLS:
@ -81,7 +81,7 @@ Metrics:
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
Security:

2
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testDefaultToHelp.windows.approved.txt vendored
View file

@ -7,8 +7,6 @@ Usage:
kc.bat [OPTIONS] [COMMAND]
Use this command-line tool to manage your Keycloak cluster.
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
"./kc.bat") to execute from the current folder.
Options:

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.unix.approved.txt vendored
View file

@ -59,16 +59,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:

145
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelp.windows.approved.txt vendored Normal file
View file

@ -0,0 +1,145 @@
Export data from realms to a file or directory.
Usage:
kc.bat export [OPTIONS]
Export data from realms to a file or directory.
Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
The initial size of the connection pool.
--db-pool-max-size <size>
The maximum size of the connection pool. Default: 100.
--db-pool-min-size <size>
The minimal size of the connection pool.
--db-schema <schema> The database schema to be used.
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
selected database vendor. For instance, if using 'postgres', the default
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
--db-url-database <dbname>
Sets the database name of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-host <hostname>
Sets the hostname of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
Transaction:
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Logging:
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
are: console, file, gelf. Default: console.
--log-console-color <true|false>
Enable or disable colors when logging to console. Default: false.
--log-console-format <format>
The format of unstructured console log entries. If the format has spaces in
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
-5p [%c] (%t) %s%e%n.
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.
--log-file-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-gelf-facility <name>
The facility (name of the process) that sends the message. Default: keycloak.
--log-gelf-host <hostname>
Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
localhost.
--log-gelf-include-location <true|false>
Include source code location. Default: true.
--log-gelf-include-message-parameters <true|false>
Include message parameters from the log event. Default: true.
--log-gelf-include-stack-trace <true|false>
If set to true, occuring stack traces are included in the 'StackTrace' field
in the GELF output. Default: true.
--log-gelf-level <level>
The log level specifying which message levels will be logged by the GELF
logger. Message levels lower than this value will be discarded. Default:
INFO.
--log-gelf-max-message-size <size>
Maximum message size (in bytes). If the message size is exceeded, GELF will
submit the message in multiple chunks. Default: 8192.
--log-gelf-port <port>
The port the Logstash or Graylog Host is called on. Default: 12201.
--log-gelf-timestamp-format <pattern>
Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
--log-level <category:level>
The log level of the root category or a comma-separated list of individual
categories and their levels. For the root category, you don't need to
specify a category. Default: info.
Export:
--dir <dir> Set the path to a directory where files will be created with the exported data.
--file <file> Set the path to a file that will be created with the exported data. To export
more than 500 users, export to a directory with different files instead.
--realm <realm> Set the name of the realm to export. If not set, all realms are going to be
exported.
--users <strategy> Set how users should be exported. Possible values are: skip, realm_file,
same_file, different_files. Default: different_files.
--users-per-file <number>
Set the number of users per file. It is used only if 'users' is set to
'different_files'. Increasing this number leads to exponentially increasing
export times. Default: 50.

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.unix.approved.txt vendored
View file

@ -122,16 +122,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:

208
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testExportHelpAll.windows.approved.txt vendored Normal file
View file

@ -0,0 +1,208 @@
Export data from realms to a file or directory.
Usage:
kc.bat export [OPTIONS]
Export data from realms to a file or directory.
Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Storage (Experimental):
--storage <type> Experimental: Sets the default storage mechanism for all areas. Possible
values are: jpa, chm, hotrod, file.
--storage-area-auth-session <type>
Experimental: Sets a storage mechanism for authentication sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-area-authorization <type>
Experimental: Sets a storage mechanism for authorizations. Possible values
are: jpa, chm, hotrod, file.
--storage-area-client <type>
Experimental: Sets a storage mechanism for clients. Possible values are: jpa,
chm, hotrod, file.
--storage-area-client-scope <type>
Experimental: Sets a storage mechanism for client scopes. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-admin <type>
Experimental: Sets a storage mechanism for admin events. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-auth <type>
Experimental: Sets a storage mechanism for authentication and authorization
events. Possible values are: jpa, chm, hotrod, file.
--storage-area-group <type>
Experimental: Sets a storage mechanism for groups. Possible values are: jpa,
chm, hotrod, file.
--storage-area-login-failure <type>
Experimental: Sets a storage mechanism for login failures. Possible values
are: jpa, chm, hotrod, file.
--storage-area-realm <type>
Experimental: Sets a storage mechanism for realms. Possible values are: jpa,
chm, hotrod, file.
--storage-area-role <type>
Experimental: Sets a storage mechanism for roles. Possible values are: jpa,
chm, hotrod, file.
--storage-area-single-use-object <type>
Experimental: Sets a storage mechanism for single use objects. Possible values
are: jpa, chm, hotrod.
--storage-area-user <type>
Experimental: Sets a storage mechanism for users. Possible values are: jpa,
chm, hotrod, file.
--storage-area-user-session <type>
Experimental: Sets a storage mechanism for user and client sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-deployment-state-version-seed <type>
Experimental: Secret that serves as a seed to mask the version number of
Keycloak in URLs. Need to be identical across all servers in the cluster.
Will default to a random number generated when starting the server which is
secure but will lead to problems when a loadbalancer without sticky sessions
is used or nodes are restarted.
--storage-file-dir <dir>
Experimental: Root directory for file map store.
--storage-hotrod-host <host>
Experimental: Sets the host of the Infinispan server.
--storage-hotrod-password <password>
Experimental: Sets the password of the Infinispan user.
--storage-hotrod-port <port>
Experimental: Sets the port of the Infinispan server.
--storage-hotrod-username <username>
Experimental: Sets the username of the Infinispan user.
--storage-jpa-db <type>
Experimental: The database vendor for jpa map storage. Possible values are:
postgres, cockroach. Default: postgres.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
The initial size of the connection pool.
--db-pool-max-size <size>
The maximum size of the connection pool. Default: 100.
--db-pool-min-size <size>
The minimal size of the connection pool.
--db-schema <schema> The database schema to be used.
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
selected database vendor. For instance, if using 'postgres', the default
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
--db-url-database <dbname>
Sets the database name of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-host <hostname>
Sets the hostname of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
Transaction:
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Logging:
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
are: console, file, gelf. Default: console.
--log-console-color <true|false>
Enable or disable colors when logging to console. Default: false.
--log-console-format <format>
The format of unstructured console log entries. If the format has spaces in
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
-5p [%c] (%t) %s%e%n.
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.
--log-file-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-gelf-facility <name>
The facility (name of the process) that sends the message. Default: keycloak.
--log-gelf-host <hostname>
Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
localhost.
--log-gelf-include-location <true|false>
Include source code location. Default: true.
--log-gelf-include-message-parameters <true|false>
Include message parameters from the log event. Default: true.
--log-gelf-include-stack-trace <true|false>
If set to true, occuring stack traces are included in the 'StackTrace' field
in the GELF output. Default: true.
--log-gelf-level <level>
The log level specifying which message levels will be logged by the GELF
logger. Message levels lower than this value will be discarded. Default:
INFO.
--log-gelf-max-message-size <size>
Maximum message size (in bytes). If the message size is exceeded, GELF will
submit the message in multiple chunks. Default: 8192.
--log-gelf-port <port>
The port the Logstash or Graylog Host is called on. Default: 12201.
--log-gelf-timestamp-format <pattern>
Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
--log-level <category:level>
The log level of the root category or a comma-separated list of individual
categories and their levels. For the root category, you don't need to
specify a category. Default: info.
Export:
--dir <dir> Set the path to a directory where files will be created with the exported data.
--file <file> Set the path to a file that will be created with the exported data. To export
more than 500 users, export to a directory with different files instead.
--realm <realm> Set the name of the realm to export. If not set, all realms are going to be
exported.
--users <strategy> Set how users should be exported. Possible values are: skip, realm_file,
same_file, different_files. Default: different_files.
--users-per-file <number>
Set the number of users per file. It is used only if 'users' is set to
'different_files'. Increasing this number leads to exponentially increasing
export times. Default: 50.

2
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelp.windows.approved.txt vendored
View file

@ -7,8 +7,6 @@ Usage:
kc.bat [OPTIONS] [COMMAND]
Use this command-line tool to manage your Keycloak cluster.
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
"./kc.bat") to execute from the current folder.
Options:

2
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testHelpShort.windows.approved.txt vendored
View file

@ -7,8 +7,6 @@ Usage:
kc.bat [OPTIONS] [COMMAND]
Use this command-line tool to manage your Keycloak cluster.
Make sure the command is available on your "PATH" or prefix it with "./" (e.g.:
"./kc.bat") to execute from the current folder.
Options:

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.unix.approved.txt vendored
View file

@ -59,16 +59,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:

139
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelp.windows.approved.txt vendored Normal file
View file

@ -0,0 +1,139 @@
Import data from a directory or a file.
Usage:
kc.bat import [OPTIONS]
Import data from a directory or a file.
Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
The initial size of the connection pool.
--db-pool-max-size <size>
The maximum size of the connection pool. Default: 100.
--db-pool-min-size <size>
The minimal size of the connection pool.
--db-schema <schema> The database schema to be used.
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
selected database vendor. For instance, if using 'postgres', the default
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
--db-url-database <dbname>
Sets the database name of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-host <hostname>
Sets the hostname of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
Transaction:
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Logging:
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
are: console, file, gelf. Default: console.
--log-console-color <true|false>
Enable or disable colors when logging to console. Default: false.
--log-console-format <format>
The format of unstructured console log entries. If the format has spaces in
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
-5p [%c] (%t) %s%e%n.
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.
--log-file-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-gelf-facility <name>
The facility (name of the process) that sends the message. Default: keycloak.
--log-gelf-host <hostname>
Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
localhost.
--log-gelf-include-location <true|false>
Include source code location. Default: true.
--log-gelf-include-message-parameters <true|false>
Include message parameters from the log event. Default: true.
--log-gelf-include-stack-trace <true|false>
If set to true, occuring stack traces are included in the 'StackTrace' field
in the GELF output. Default: true.
--log-gelf-level <level>
The log level specifying which message levels will be logged by the GELF
logger. Message levels lower than this value will be discarded. Default:
INFO.
--log-gelf-max-message-size <size>
Maximum message size (in bytes). If the message size is exceeded, GELF will
submit the message in multiple chunks. Default: 8192.
--log-gelf-port <port>
The port the Logstash or Graylog Host is called on. Default: 12201.
--log-gelf-timestamp-format <pattern>
Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
--log-level <category:level>
The log level of the root category or a comma-separated list of individual
categories and their levels. For the root category, you don't need to
specify a category. Default: info.
Import:
--dir <dir> Set the path to a directory where files will be read from.
--file <file> Set the path to a file that will be read.
--override <true|false>
Set if existing data should be overwritten. If set to false, data will be
ignored. Default: true.

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.unix.approved.txt vendored
View file

@ -122,16 +122,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:

202
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testImportHelpAll.windows.approved.txt vendored Normal file
View file

@ -0,0 +1,202 @@
Import data from a directory or a file.
Usage:
kc.bat import [OPTIONS]
Import data from a directory or a file.
Options:
-h, --help This help message.
--help-all This same help message but with additional options.
--optimized Use this option to achieve an optimal startup time if you have previously
built a server image using the 'build' command.
Storage (Experimental):
--storage <type> Experimental: Sets the default storage mechanism for all areas. Possible
values are: jpa, chm, hotrod, file.
--storage-area-auth-session <type>
Experimental: Sets a storage mechanism for authentication sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-area-authorization <type>
Experimental: Sets a storage mechanism for authorizations. Possible values
are: jpa, chm, hotrod, file.
--storage-area-client <type>
Experimental: Sets a storage mechanism for clients. Possible values are: jpa,
chm, hotrod, file.
--storage-area-client-scope <type>
Experimental: Sets a storage mechanism for client scopes. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-admin <type>
Experimental: Sets a storage mechanism for admin events. Possible values are:
jpa, chm, hotrod, file.
--storage-area-event-auth <type>
Experimental: Sets a storage mechanism for authentication and authorization
events. Possible values are: jpa, chm, hotrod, file.
--storage-area-group <type>
Experimental: Sets a storage mechanism for groups. Possible values are: jpa,
chm, hotrod, file.
--storage-area-login-failure <type>
Experimental: Sets a storage mechanism for login failures. Possible values
are: jpa, chm, hotrod, file.
--storage-area-realm <type>
Experimental: Sets a storage mechanism for realms. Possible values are: jpa,
chm, hotrod, file.
--storage-area-role <type>
Experimental: Sets a storage mechanism for roles. Possible values are: jpa,
chm, hotrod, file.
--storage-area-single-use-object <type>
Experimental: Sets a storage mechanism for single use objects. Possible values
are: jpa, chm, hotrod.
--storage-area-user <type>
Experimental: Sets a storage mechanism for users. Possible values are: jpa,
chm, hotrod, file.
--storage-area-user-session <type>
Experimental: Sets a storage mechanism for user and client sessions. Possible
values are: jpa, chm, hotrod, file.
--storage-deployment-state-version-seed <type>
Experimental: Secret that serves as a seed to mask the version number of
Keycloak in URLs. Need to be identical across all servers in the cluster.
Will default to a random number generated when starting the server which is
secure but will lead to problems when a loadbalancer without sticky sessions
is used or nodes are restarted.
--storage-file-dir <dir>
Experimental: Root directory for file map store.
--storage-hotrod-host <host>
Experimental: Sets the host of the Infinispan server.
--storage-hotrod-password <password>
Experimental: Sets the password of the Infinispan user.
--storage-hotrod-port <port>
Experimental: Sets the port of the Infinispan server.
--storage-hotrod-username <username>
Experimental: Sets the username of the Infinispan user.
--storage-jpa-db <type>
Experimental: The database vendor for jpa map storage. Possible values are:
postgres, cockroach. Default: postgres.
Database:
--db <vendor> The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
mysql, oracle, postgres. Default: dev-file.
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
The initial size of the connection pool.
--db-pool-max-size <size>
The maximum size of the connection pool. Default: 100.
--db-pool-min-size <size>
The minimal size of the connection pool.
--db-schema <schema> The database schema to be used.
--db-url <jdbc-url> The full database JDBC URL. If not provided, a default URL is set based on the
selected database vendor. For instance, if using 'postgres', the default
JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
--db-url-database <dbname>
Sets the database name of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-host <hostname>
Sets the hostname of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
Transaction:
--transaction-xa-enabled <true|false>
If set to false, Keycloak uses a non-XA datasource in case the database does
not support XA transactions. Default: true.
Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Logging:
--log <handler> Enable one or more log handlers in a comma-separated list. Possible values
are: console, file, gelf. Default: console.
--log-console-color <true|false>
Enable or disable colors when logging to console. Default: false.
--log-console-format <format>
The format of unstructured console log entries. If the format has spaces in
it, escape the value using "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %
-5p [%c] (%t) %s%e%n.
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.
--log-file-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-gelf-facility <name>
The facility (name of the process) that sends the message. Default: keycloak.
--log-gelf-host <hostname>
Hostname of the Logstash or Graylog Host. By default UDP is used, prefix the
host with 'tcp:' to switch to TCP. Example: 'tcp:localhost' Default:
localhost.
--log-gelf-include-location <true|false>
Include source code location. Default: true.
--log-gelf-include-message-parameters <true|false>
Include message parameters from the log event. Default: true.
--log-gelf-include-stack-trace <true|false>
If set to true, occuring stack traces are included in the 'StackTrace' field
in the GELF output. Default: true.
--log-gelf-level <level>
The log level specifying which message levels will be logged by the GELF
logger. Message levels lower than this value will be discarded. Default:
INFO.
--log-gelf-max-message-size <size>
Maximum message size (in bytes). If the message size is exceeded, GELF will
submit the message in multiple chunks. Default: 8192.
--log-gelf-port <port>
The port the Logstash or Graylog Host is called on. Default: 12201.
--log-gelf-timestamp-format <pattern>
Set the format for the GELF timestamp field. Uses Java SimpleDateFormat
pattern. Default: yyyy-MM-dd HH:mm:ss,SSS.
--log-level <category:level>
The log level of the root category or a comma-separated list of individual
categories and their levels. For the root category, you don't need to
specify a category. Default: info.
Import:
--dir <dir> Set the path to a directory where files will be read from.
--file <file> Set the path to a file that will be read.
--override <true|false>
Set if existing data should be overwritten. If set to false, data will be
ignored. Default: true.

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.unix.approved.txt vendored
View file

@ -75,16 +75,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:

33
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelp.windows.approved.txt vendored
View file

@ -56,8 +56,10 @@ Database:
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
@ -73,16 +75,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -96,6 +98,9 @@ Hostname:
--hostname-admin-url <url>
Set the base URL for accessing the administration console, including scheme,
host, port and path
--hostname-debug <true|false>
Toggle the hostname debug page that is accessible at
/realms/master/hostname-debug Default: false.
--hostname-path <path>
This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
@ -158,6 +163,15 @@ Health:
are available at the '/health', '/health/ready' and '/health/live'
endpoints. Default: false.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Metrics:
--metrics-enabled <true|false>
@ -171,9 +185,12 @@ Proxy:
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--vault-file <file> Path to the keystore file.
--vault-pass <pass> Password for the vault keystore.
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
Logging:
@ -188,7 +205,7 @@ Logging:
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.unix.approved.txt vendored
View file

@ -138,16 +138,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:

33
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartDevHelpAll.windows.approved.txt vendored
View file

@ -119,8 +119,10 @@ Database:
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
@ -136,16 +138,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -159,6 +161,9 @@ Hostname:
--hostname-admin-url <url>
Set the base URL for accessing the administration console, including scheme,
host, port and path
--hostname-debug <true|false>
Toggle the hostname debug page that is accessible at
/realms/master/hostname-debug Default: false.
--hostname-path <path>
This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
@ -221,6 +226,15 @@ Health:
are available at the '/health', '/health/ready' and '/health/live'
endpoints. Default: false.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Metrics:
--metrics-enabled <true|false>
@ -234,9 +248,12 @@ Proxy:
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--vault-file <file> Path to the keystore file.
--vault-pass <pass> Password for the vault keystore.
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
Logging:
@ -251,7 +268,7 @@ Logging:
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.unix.approved.txt vendored
View file

@ -81,16 +81,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:

33
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelp.windows.approved.txt vendored
View file

@ -62,8 +62,10 @@ Database:
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
@ -79,16 +81,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -102,6 +104,9 @@ Hostname:
--hostname-admin-url <url>
Set the base URL for accessing the administration console, including scheme,
host, port and path
--hostname-debug <true|false>
Toggle the hostname debug page that is accessible at
/realms/master/hostname-debug Default: false.
--hostname-path <path>
This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
@ -164,6 +169,15 @@ Health:
are available at the '/health', '/health/ready' and '/health/live'
endpoints. Default: false.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Metrics:
--metrics-enabled <true|false>
@ -177,9 +191,12 @@ Proxy:
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--vault-file <file> Path to the keystore file.
--vault-pass <pass> Password for the vault keystore.
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
Logging:
@ -194,7 +211,7 @@ Logging:
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.

8
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.unix.approved.txt vendored
View file

@ -144,16 +144,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:

33
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartHelpAll.windows.approved.txt vendored
View file

@ -125,8 +125,10 @@ Database:
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
@ -142,16 +144,16 @@ Feature:
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation,
declarative-user-profile, docker, dpop, dynamic-scopes, fips, impersonation,
js-adapter, kerberos, linkedin-oauth, map-storage, par, preview,
recovery-codes, scripts, step-up-authentication, token-exchange,
js-adapter, kerberos, legacy-welcome, linkedin-oauth, map-storage, par,
preview, recovery-codes, scripts, step-up-authentication, token-exchange,
update-email, web-authn.
Hostname:
@ -165,6 +167,9 @@ Hostname:
--hostname-admin-url <url>
Set the base URL for accessing the administration console, including scheme,
host, port and path
--hostname-debug <true|false>
Toggle the hostname debug page that is accessible at
/realms/master/hostname-debug Default: false.
--hostname-path <path>
This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
@ -227,6 +232,15 @@ Health:
are available at the '/health', '/health/ready' and '/health/live'
endpoints. Default: false.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Metrics:
--metrics-enabled <true|false>
@ -240,9 +254,12 @@ Proxy:
Vault:
--vault <provider> Enables a vault provider. Possible values are: file.
--vault <provider> Enables a vault provider. Possible values are: file, keystore.
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--vault-file <file> Path to the keystore file.
--vault-pass <pass> Password for the vault keystore.
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
Logging:
@ -257,7 +274,7 @@ Logging:
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.

25
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelp.windows.approved.txt vendored
View file

@ -22,6 +22,8 @@ Options:
Database:
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
@ -43,8 +45,10 @@ Database:
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
@ -59,6 +63,9 @@ Hostname:
--hostname-admin-url <url>
Set the base URL for accessing the administration console, including scheme,
host, port and path
--hostname-debug <true|false>
Toggle the hostname debug page that is accessible at
/realms/master/hostname-debug Default: false.
--hostname-path <path>
This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
@ -111,6 +118,15 @@ HTTP/TLS:
detected based on the file name. If 'fips-mode' is set to 'strict' and no
value is set, it defaults to 'BCFKS'.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Proxy:
--proxy <mode> The proxy address forwarding mode if the server is behind a reverse proxy.
@ -120,6 +136,9 @@ Vault:
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--vault-file <file> Path to the keystore file.
--vault-pass <pass> Password for the vault keystore.
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
Logging:
@ -134,7 +153,7 @@ Logging:
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.

25
quarkus/tests/integration/src/test/resources/org/keycloak/it/cli/dist/approvals/cli/help/HelpCommandDistTest.testStartOptimizedHelpAll.windows.approved.txt vendored
View file

@ -41,6 +41,8 @@ Storage (Experimental):
Database:
--db-driver <driver> The fully qualified class name of the JDBC driver. If not set, a default
driver is set accordingly to the chosen database.
--db-password <password>
The password of the database user.
--db-pool-initial-size <size>
@ -62,8 +64,10 @@ Database:
--db-url-port <port> Sets the port of the default JDBC URL of the chosen vendor. If the `db-url`
option is set, this option is ignored.
--db-url-properties <properties>
Sets the properties of the default JDBC URL of the chosen vendor. If the
`db-url` option is set, this option is ignored.
Sets the properties of the default JDBC URL of the chosen vendor. Make sure to
set the properties accordingly to the format expected by the database
vendor, as well as appending the right character at the beginning of this
property value. If the `db-url` option is set, this option is ignored.
--db-username <username>
The username of the database user.
@ -78,6 +82,9 @@ Hostname:
--hostname-admin-url <url>
Set the base URL for accessing the administration console, including scheme,
host, port and path
--hostname-debug <true|false>
Toggle the hostname debug page that is accessible at
/realms/master/hostname-debug Default: false.
--hostname-path <path>
This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
@ -130,6 +137,15 @@ HTTP/TLS:
detected based on the file name. If 'fips-mode' is set to 'strict' and no
value is set, it defaults to 'BCFKS'.
Config:
--config-keystore <config-keystore>
Specifies a path to the KeyStore Configuration Source.
--config-keystore-password <config-keystore-password>
Specifies a password to the KeyStore Configuration Source.
--config-keystore-type <config-keystore-type>
Specifies a type of the KeyStore Configuration Source. Default: PKCS12.
Proxy:
--proxy <mode> The proxy address forwarding mode if the server is behind a reverse proxy.
@ -139,6 +155,9 @@ Vault:
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
given directory.
--vault-file <file> Path to the keystore file.
--vault-pass <pass> Password for the vault keystore.
--vault-type <type> Specifies the type of the keystore file. Default: PKCS12.
Logging:
@ -153,7 +172,7 @@ Logging:
--log-console-output <output>
Set the log output to JSON or default (plain) unstructured logging. Possible
values are: default, json. Default: default.
--log-file <file> Set the log file path and filename. Default: data/log/keycloak.log.
--log-file <file> Set the log file path and filename. Default: data\log\keycloak.log.
--log-file-format <format>
Set a format specific to file log entries. Default: %d{yyyy-MM-dd HH:mm:ss,
SSS} %-5p [%c] (%t) %s%e%n.

4
server-spi/src/main/java/org/keycloak/theme/ThemeSelectorProvider.java
View file

@ -56,6 +56,10 @@ public interface ThemeSelectorProvider extends Provider {
return DEFAULT_V2;
}
if ((type == Theme.Type.WELCOME) && !Profile.isFeatureEnabled(Profile.Feature.LEGACY_WELCOME)) {
return DEFAULT_V2;
}
return DEFAULT;
}

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ServerInfoTest.java
View file

@ -61,7 +61,7 @@ public class ServerInfoTest extends AbstractKeycloakTest {
Assert.assertNames(info.getThemes().get("admin"), "base", "keycloak.v2");
Assert.assertNames(info.getThemes().get("email"), "base", "keycloak");
Assert.assertNames(info.getThemes().get("login"), "address", "base", "environment-agnostic", "keycloak");
Assert.assertNames(info.getThemes().get("welcome"), "keycloak");
Assert.assertNames(info.getThemes().get("welcome"), "keycloak", "keycloak.v2");
assertNotNull(info.getEnums());

79
themes/pom.xml
View file

@ -15,12 +15,14 @@
<properties>
<dir.common>src/main/resources/theme/keycloak/common/resources</dir.common>
<dir.account2>src/main/resources/theme/keycloak.v2/account/src</dir.account2>
<dir.welcome2>src/main/resources/theme/keycloak.v2/welcome</dir.welcome2>
<args.npm.install>ci --no-optional --ignore-scripts</args.npm.install>
<!-- ignore folders for incremental builds by the maven build cache plugin -->
<maven.build.cache.exclude.1>${project.basedir}/src/main/resources/theme/keycloak/common/resources/node_modules</maven.build.cache.exclude.1>
<maven.build.cache.exclude.2>${project.basedir}/src/main/resources/theme/keycloak/common/resources/web_modules</maven.build.cache.exclude.2>
<maven.build.cache.exclude.3>${project.basedir}/src/main/resources/theme/keycloak.v2/account/src/node_modules</maven.build.cache.exclude.3>
<maven.build.cache.exclude.4>${project.basedir}/src/main/resources/theme/keycloak.v2/account/src/web_modules</maven.build.cache.exclude.4>
<maven.build.cache.exclude.5>${project.basedir}/src/main/resources/theme/keycloak.v2/welcome/node_modules</maven.build.cache.exclude.5>
</properties>
<build>
@ -166,6 +168,83 @@
</build>
</profile>
<profile>
<id>welcome2</id>
<activation>
<property>
<name>!skipWelcome2</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<artifactId>maven-clean-plugin</artifactId>
<configuration>
<filesets>
<fileset>
<directory>${dir.welcome2}/node_modules</directory>
<directory>${dir.welcome2}/resources/vendor</directory>
</fileset>
</filesets>
</configuration>
</plugin>
<plugin>
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<executions>
<execution>
<id>setup-node</id>
<goals>
<goal>install-node-and-npm</goal>
</goals>
<phase>initialize</phase>
</execution>
<execution>
<id>npm-install-welcome2</id>
<phase>initialize</phase>
<goals>
<goal>npm</goal>
</goals>
<configuration>
<workingDirectory>${dir.welcome2}</workingDirectory>
<arguments>${args.npm.install}</arguments>
</configuration>
</execution>
</executions>
<configuration>
<nodeVersion>${node.version}</nodeVersion>
<installDirectory>../</installDirectory>
</configuration>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-patternfly</id>
<phase>generate-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${dir.welcome2}/resources/vendor/patternfly</outputDirectory>
<resources>
<resource>
<directory>${dir.welcome2}/node_modules/@patternfly/patternfly</directory>
<includes>
<include>patternfly.css</include>
<include>patternfly-addons.css</include>
<include>assets/fonts/**/*</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>common</id>
<activation>

2
themes/src/main/resources/META-INF/keycloak-themes.json
View file

@ -7,6 +7,6 @@
"types": [ "login", "common", "email", "welcome" ]
}, {
"name" : "keycloak.v2",
"types": [ "account", "admin" ]
"types": [ "account", "admin", "welcome" ]
}]
}

1
themes/src/main/resources/theme/keycloak.v2/welcome/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
resources/vendor

205
themes/src/main/resources/theme/keycloak.v2/welcome/index.ftl Executable file
View file

@ -0,0 +1,205 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Welcome to ${productName}</title>
<meta name="robots" content="noindex, nofollow">
<link rel="shortcut icon" href="${resourcesPath}/img/favicon.ico">
<#if properties.stylesCommon?has_content>
<#list properties.stylesCommon?split(' ') as style>
<link href="${resourcesCommonPath}/${style}" rel="stylesheet">
</#list>
</#if>
<#if properties.styles?has_content>
<#list properties.styles?split(' ') as style>
<link href="${resourcesPath}/${style}" rel="stylesheet">
</#list>
</#if>
</head>
<body>
<div class="pf-v5-c-page">
<main class="pf-v5-c-page__main">
<section class="pf-v5-c-page__main-section pf-m-limit-width pf-m-align-center">
<div class="pf-v5-c-page__main-body">
<div class="pf-v5-c-content">
<h1 class="pf-v5-c-title pf-m-2xl pf-v5-u-mb-lg">Welcome to <strong>${productName}</strong></h1>
</div>
<div class="pf-v5-l-grid pf-m-gutter pf-m-all-4-col-on-sm">
<#if adminConsoleEnabled>
<div class="pf-v5-l-grid__item">
<div class="pf-v5-c-card pf-m-full-height">
<div class="pf-v5-c-card__title">
<h2 class="pf-v5-c-card__title-text">Administration Console</h2>
</div>
<div class="pf-v5-c-card__body">
<#if bootstrap>
<#if localUser>
<div class="pf-v5-c-content">
<p class="pf-v5-u-mb-sm">Please create an initial admin user to get started.</p>
</div>
<form id="create-user" class="pf-v5-c-form" method="post" novalidate>
<div class="pf-v5-c-form__group">
<div class="pf-v5-c-form__group-label">
<label class="pf-v5-c-form__label" for="username">
<span class="pf-v5-c-form__label-text">Username</span>&nbsp;<span class="pf-v5-c-form__label-required" aria-hidden="true">&#42;</span>
</label>
</div>
<div class="pf-v5-c-form__group-control">
<span class="pf-v5-c-form-control pf-m-required">
<input id="username" type="text" name="username" autocomplete="username" required>
</span>
</div>
</div>
<div class="pf-v5-c-form__group">
<div class="pf-v5-c-form__group-label">
<label class="pf-v5-c-form__label" for="password">
<span class="pf-v5-c-form__label-text">Password</span>&nbsp;<span class="pf-v5-c-form__label-required" aria-hidden="true">&#42;</span>
</label>
</div>
<div class="pf-v5-c-form__group-control">
<span class="pf-v5-c-form-control pf-m-required">
<input id="password" type="password" name="password" autocomplete="new-password" required>
</span>
</div>
</div>
<div class="pf-v5-c-form__group">
<div class="pf-v5-c-form__group-label">
<label class="pf-v5-c-form__label" for="password-confirmation">
<span class="pf-v5-c-form__label-text">Password confirmation</span>&nbsp;<span class="pf-v5-c-form__label-required" aria-hidden="true">&#42;</span>
</label>
</div>
<div class="pf-v5-c-form__group-control">
<span class="pf-v5-c-form-control pf-m-required">
<input id="password-confirmation" type="password" name="passwordConfirmation" autocomplete="new-password" required>
</span>
</div>
</div>
<input name="stateChecker" type="hidden" value="${stateChecker}">
<#if errorMessage?has_content>
<div class="pf-v5-c-alert pf-m-danger pf-m-plain pf-m-inline pf-v5-u-mb-sm">
<div class="pf-v5-c-alert__icon">
<i class="fas fa-fw fa-exclamation-circle" aria-hidden="true"></i>
</div>
<p class="pf-v5-c-alert__title">
${errorMessage}
</p>
</div>
</#if>
<div class="pf-v5-c-form__group pf-m-action">
<div class="pf-v5-c-form__actions">
<button class="pf-v5-c-button pf-m-primary" type="submit" form="create-user">Create user</button>
</div>
</div>
</form>
<#else>
<div class="pf-v5-c-content">
<p>
You will need local access to create the initial admin user.<br><br>
To create one open <a href="${localAdminUrl}">${localAdminUrl}</a>, or set the environment variables <code>KEYCLOAK_ADMIN</code> and <code>KEYCLOAK_ADMIN_PASSWORD</code> when starting the server.
</p>
</div>
</#if>
<#else>
<div class="pf-v5-c-content">
<p>Centrally manage all aspects of the ${productName} server.</p>
</div>
<#if successMessage?has_content>
<div class="pf-v5-c-alert pf-m-success pf-m-inline pf-v5-u-mt-lg">
<div class="pf-v5-c-alert__icon">
<i class="fas fa-fw fa-check-circle" aria-hidden="true"></i>
</div>
<p class="pf-v5-c-alert__title">
${successMessage}
</p>
</div>
</#if>
<div class="pf-v5-c-card__footer">
<a class="pf-v5-c-button pf-m-link pf-m-inline" href="${adminUrl}">
Visit the administration console
<span class="pf-v5-c-button__icon pf-m-end">
<i class="fas fa-arrow-right" aria-hidden="true"></i>
</span>
</a>
</div>
</#if>
</div>
</div>
</div>
</#if>
<div class="pf-v5-l-grid__item">
<div class="pf-v5-c-card pf-m-full-height">
<div class="pf-v5-c-card__title">
<h2 class="pf-v5-c-card__title-text">Documentation</h2>
</div>
<div class="pf-v5-c-card__body">User Guide, Admin REST API and Javadocs.</div>
<div class="pf-v5-c-card__footer">
<a class="pf-v5-c-button pf-m-link pf-m-inline" href="${properties.documentationUrl}">
Read the documentation
<span class="pf-v5-c-button__icon pf-m-end">
<i class="fas fa-arrow-right" aria-hidden="true"></i>
</span>
</a>
</div>
</div>
</div>
<#if properties.displayCommunityLinks = "true">
<div class="pf-v5-l-grid__item">
<div class="pf-v5-l-grid pf-m-gutter">
<div class="pf-v5-l-grid__item pf-m-12-col">
<div class="pf-v5-c-card">
<div class="pf-v5-c-card__title">
<h2 class="pf-v5-c-card__title-text">${productName} Project</h2>
</div>
<div class="pf-v5-c-card__body">The home page of the ${productName} project.</div>
<div class="pf-v5-c-card__footer">
<a class="pf-v5-c-button pf-m-link pf-m-inline" href="https://www.keycloak.org/">
Visit the ${productName} project
<span class="pf-v5-c-button__icon pf-m-end">
<i class="fas fa-arrow-right" aria-hidden="true"></i>
</span>
</a>
</div>
</div>
</div>
<div class="pf-v5-l-grid__item pf-m-12-col">
<div class="pf-v5-c-card">
<div class="pf-v5-c-card__title">
<h2 class="pf-v5-c-card__title-text">Mailing List</h2>
</div>
<div class="pf-v5-c-card__body">Discussions about ${productName}.</div>
<div class="pf-v5-c-card__footer">
<a class="pf-v5-c-button pf-m-link pf-m-inline" href="https://groups.google.com/g/keycloak-user">
Start a discussion
<span class="pf-v5-c-button__icon pf-m-end">
<i class="fas fa-arrow-right" aria-hidden="true"></i>
</span>
</a>
</div>
</div>
</div>
<div class="pf-v5-l-grid__item pf-m-12-col">
<div class="pf-v5-c-card">
<div class="pf-v5-c-card__title">
<h2 class="pf-v5-c-card__title-text">Issue Tracker</h2>
</div>
<div class="pf-v5-c-card__body">Report issues with ${productName}.</div>
<div class="pf-v5-c-card__footer">
<a class="pf-v5-c-button pf-m-link pf-m-inline" href="https://github.com/keycloak/keycloak/issues">
Report an issue
<span class="pf-v5-c-button__icon pf-m-end">
<i class="fas fa-arrow-right" aria-hidden="true"></i>
</span>
</a>
</div>
</div>
</div>
</div>
</div>
</#if>
</div>
</div>
</section>
</main>
</div>
</body>
</html>

18
themes/src/main/resources/theme/keycloak.v2/welcome/package-lock.json generated Normal file
View file

@ -0,0 +1,18 @@
{
"name": "welcome-v2",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "welcome-v2",
"dependencies": {
"@patternfly/patternfly": "^5.0.2"
}
},
"node_modules/@patternfly/patternfly": {
"version": "5.0.2",
"resolved": "https://registry.npmjs.org/@patternfly/patternfly/-/patternfly-5.0.2.tgz",
"integrity": "sha512-PB8+MLdYVgF1hIOxGmnVsZG+YHUX3RePe5W1oMS4gS00EmSgw1cobr1Qbpy/BqqS8/R9DRN4hZ2FKDT0d5tkFQ=="
}
}
}

6
themes/src/main/resources/theme/keycloak.v2/welcome/package.json Normal file
View file

@ -0,0 +1,6 @@
{
"name": "welcome-v2",
"dependencies": {
"@patternfly/patternfly": "^5.0.2"
}
}

6
themes/src/main/resources/theme/keycloak.v2/welcome/theme.properties Normal file
View file

@ -0,0 +1,6 @@
import=common/keycloak
styles=vendor/patternfly/patternfly.css vendor/patternfly/patternfly-addons.css
documentationUrl=https://www.keycloak.org/documentation.html
displayCommunityLinks=true