libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Updates to release note for KC 13

Browse source
This commit is contained in:
stianst 2021-05-06 11:55:07 +02:00 committed by Stian Thorgersen
parent bb75edf44c
commit f29f558570
1 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
release_notes/topics/13_0_0.adoc
View file

@ -1,20 +1,21 @@
= Highlights
== Default roles processing improvement
== Upgrade to Wildfly 23
Default roles are now internally stored as composite roles of a new role usually named `default-roles-${realmName}`. Instead of assigning
both realm and all client default roles directly to newly created users or users imported through Identity Brokering, just the role is
assigned to them and the rest of default roles are assigned as effective roles. This change improves performance of default roles processing,
especially with larger number of clients, because it is no longer necessary to go through all clients.
The {project_name} server was upgraded to use Wildfly 23.0.2.Final as the underlying container.
== OAuth 2.0 Device Authorization Grant (RFC 8628)
Support for OAuth 2.0 Device Authorization Grant is now available. Thanks to https://github.com/wadahiro[Hiroyuki Wada], https://github.com/splatch[Łukasz Dywicki]
Support for OAuth 2.0 Device Authorization Grant is now available.
Thanks to https://github.com/wadahiro[Hiroyuki Wada], https://github.com/splatch[Łukasz Dywicki]
and https://github.com/Michito-Okai[Michito Okai].
== OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Support for OpenID Connect Client Initiated Backchannel Authentication (CIBA) is now available. Thanks to https://github.com/tnorimat[Takashi Norimatsu],
Support for OpenID Connect Client Initiated Backchannel Authentication (CIBA) is now available.
Thanks to https://github.com/tnorimat[Takashi Norimatsu],
https://github.com/andriimurashkin[Andrii Murashkin], https://github.com/c4r1570p4e[Christophe Lannoy] and members of the FAPI WG for the implementation and feedback.
== SAML Artifact binding in server to client communication
@ -25,3 +26,16 @@ details proceed to link:{adminguide_link}#_client-saml-configuration[{adminguide
this version, Keycloak SAML client adapter does NOT support Artifact binding.
Thanks to https://github.com/AlistairDoswald[AlistairDoswald] and https://github.com/harture[harture].
== Support PKCE for identity brokering
Keycloak can now leverage PKCE when brokering to an external OpenID Connect IdP.
Thanks to https://github.com/thomasdarimont[thomasdarimont].
== Default roles processing improvement
Default roles are now internally stored as composite roles of a new role usually named `default-roles-${realmName}`. Instead of assigning
both realm and all client default roles directly to newly created users or users imported through Identity Brokering, just the role is
assigned to them and the rest of default roles are assigned as effective roles. This change improves performance of default roles processing,
especially with larger number of clients, because it is no longer necessary to go through all clients.