From be29be67412eec27576392fff2ece2a29c165e6f Mon Sep 17 00:00:00 2001 From: andymunro <48995441+andymunro@users.noreply.github.com> Date: Thu, 14 Mar 2024 06:03:58 -0400 Subject: [PATCH] Edit Keycloak 23 part of Upgrading Guide Closes #27484 Signed-off-by: AndyMunro --- .../topics/changes/changes-23_0_0.adoc | 17 ++++++++--------- .../topics/changes/changes-23_0_2.adoc | 6 ++++-- .../topics/changes/changes-23_0_5.adoc | 2 +- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/documentation/upgrading/topics/changes/changes-23_0_0.adoc b/docs/documentation/upgrading/topics/changes/changes-23_0_0.adoc index 3fbddd1877..8868d84f7d 100644 --- a/docs/documentation/upgrading/topics/changes/changes-23_0_0.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-23_0_0.adoc @@ -8,7 +8,7 @@ However, some OpenID Connect / OAuth2 adapters, and especially older {project_na For example, the parameter will be always present in the browser URL after successful authentication to the client application. In these cases, it may be useful to disable adding the `iss` parameter to the authentication response. This can be done -for the particular client in the {project_name} Admin console, in client details in the section with `OpenID Connect Compatibility Modes`, +for the particular client in the {project_name} Admin Console, in client details in the section with `OpenID Connect Compatibility Modes`, described in <<_compatibility_with_older_adapters>>. Dedicated `Exclude Issuer From Authentication Response` switch exists, which can be turned on to prevent adding the `iss` parameter to the authentication response. @@ -19,13 +19,12 @@ As `+*+` is a natural wildcard character in LDAP, it works in all places, while worked at the beginning and the end of the search string. Starting with this release the only wildcard character is `+*+` which work consistently across all providers in all places in the search string. All special characters in a specific provider like `%` and `+_+` for JPA are escaped. For exact -search, with added quotes e.g. `+"w*ord"+`, the behavior remains the same as in previous releases. +search, with added quotes such as `+"w*ord"+`, the behavior remains the same as in previous releases. = Language files for themes default to UTF-8 encoding - This release now follows the standard mechanisms of Java and later, which assumes resource bundle files to be encoded in UTF-8. -Previous versions of Keycloak supported specifying the encoding in the first line with a comment like `# encoding: UTF-8`, which is no longer supported and is ignored. +Previous versions of {project_name} supported specifying the encoding in the first line with a comment like `# encoding: UTF-8`, which is no longer supported and is ignored. Message properties files for themes are now read in UTF-8 encoding, with an automatic fallback to ISO-8859-1 encoding. If you are using a different encoding, convert the files to UTF-8. @@ -155,7 +154,7 @@ Stream getTopLevelGroupsStream(RealmModel realm, * new field `subGroupCount` added to inform client how many subgroups are on any given group * `subGroups` list is now only populated on queries that request hierarchy data - * This field is populated from the "bottom up" so can't be relied on for getting all subgroups for a group. Use a `GroupProvider` or request the subgroups from `GET {keycloak server}/realms/{realm}/groups/{group_id}/children` + * This field is populated from the "bottom up" so cannot be relied on for getting all subgroups for a group. Use a `GroupProvider` or request the subgroups from `GET {keycloak server}/realms/{realm}/groups/{group_id}/children` = New endpoint for Group Admin API @@ -170,7 +169,7 @@ The endpoint `POST {keycloak server}/realms/{realm}/partial-export` and the corr = Removal of the options to trim the event's details length -Since this release, Keycloak supports long value for `EventEntity` details column. Therefore, it no longer supports options for trimming event detail length `--spi-events-store-jpa-max-detail-length` and `--spi-events-store-jpa-max-field-length`. +Since this release, {project_name} supports long value for `EventEntity` details column. Therefore, it no longer supports options for trimming event detail length `--spi-events-store-jpa-max-detail-length` and `--spi-events-store-jpa-max-field-length`. = User Profile updates @@ -178,7 +177,7 @@ This release includes many fixes and updates that are related to user profile as Minor changes exist for the SPI such as the newly added method `boolean isEnabled(RealmModel realm)` on `UserProfileProvider` interface. Also some user profile classes and some validator related classes (but not builtin validator implementations) were moved from `keycloak-server-spi-private` to `keycloak-server-spi` module. However, the packages for java classes remain the same. You might be affected in some corner cases, such as when you -are overriding the built-in implementation with your own `UserProfileProvider` implementation However, note that `UserProfileProvider` is an unsupported SPI. +are overriding the built-in implementation with your own `UserProfileProvider` implementation. However, note that `UserProfileProvider` is an unsupported SPI. ifeval::[{project_community}==true] = Removal of the Map Store @@ -191,8 +190,8 @@ The modules `keycloak-model-map*` have been removed. endif::[] = Removed namespaces from our translations -We moved all translations into one file for the admin-ui, if you have made your own translations or extended the admin ui you will need to migrate them to this new format. -Also if you have "overrides" in your database you'll have to remove the namespace from the keys. +All translations are moved into one file for the Admin Console. If you have made your own translations or extended the Admin Console you will need to migrate them to this new format. +Also if you have "overrides" in your database, you will have to remove the namespace from the keys. Some keys are the same only in different namespaces, this is most obvious to help. In these cases we have postfix the key with `Help`. diff --git a/docs/documentation/upgrading/topics/changes/changes-23_0_2.adoc b/docs/documentation/upgrading/topics/changes/changes-23_0_2.adoc index 19cb057cbb..34aeefab07 100644 --- a/docs/documentation/upgrading/topics/changes/changes-23_0_2.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-23_0_2.adoc @@ -4,10 +4,12 @@ Version 1.8.0 introduced a lower-case for the hostname and scheme when comparing For realms relying on the old behavior, the valid redirect URIs for their clients should now hold separate entries for each URI that should be recognized by the server. -Although it introduces more steps and verbosity when configuring clients, the new behavior enables more secure deployments as pattern-based checks are frequently the cause of security issues. Not only due to how they are implemented but also how they are configured. +Although it introduces more steps and verbosity when configuring clients, the new behavior enables more secure deployments as pattern-based checks are frequently the cause of security issues. These issues are due to how they are implemented and how they are configured. +ifeval::[{project_community}==true] = Operator -secrets-store Secret Older versions of the operator created a Secret to track watched Secrets. Newer versions of the operator no longer use the -secrets-store Secret, so it may be deleted. -If you are on 23.0.0 or 23.0.1 and see "org.keycloak.operator.controllers.KeycloakAdminSecretDependentResource -> java.lang.IllegalStateException: More than 1 secondary resource related to primary" in the operator log then either delete the -secrets-store Secret, or upgrade to 23.0.2 where this is no longer an issue. \ No newline at end of file +If you are on 23.0.0 or 23.0.1 and see "org.keycloak.operator.controllers.KeycloakAdminSecretDependentResource -> java.lang.IllegalStateException: More than 1 secondary resource related to primary" in the operator log then either delete the -secrets-store Secret, or upgrade to 23.0.2 where this is no longer an issue. +endif::[] diff --git a/docs/documentation/upgrading/topics/changes/changes-23_0_5.adoc b/docs/documentation/upgrading/topics/changes/changes-23_0_5.adoc index 8f5608c42b..2e03ee8059 100644 --- a/docs/documentation/upgrading/topics/changes/changes-23_0_5.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-23_0_5.adoc @@ -6,4 +6,4 @@ Because of issue https://github.com/keycloak/keycloak/issues/25078[#25078], the ./kc.sh start --spi-events-listener-jboss-logging-sanitize=false --spi-events-listener-jboss-logging-quotes=none ... ``` -More information about the options in the https://www.keycloak.org/server/all-provider-config#_jboss_logging[all provider configuration guide]. +For more information about the options, see https://www.keycloak.org/server/all-provider-config#_jboss_logging[all provider configuration guide].