libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc
Alexander Schwartz 1788cf2b09 Enable Infinispan metrics automatically if overall metrics are enabled 
Closes #27724

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2024-03-13 18:55:45 +01:00

28 lines
2 KiB
Text
Raw Blame History

= Metrics for embedded caches enabled by default
Metrics for the embedded caches are now enabled by default.
To enable histograms for latencies, set the option `cache-metrics-histograms-enabled` to `true`.
= Nonce claim is only added to the ID token
The nonce claim is now only added to the ID token strictly following the OpenID Connect Core 1.0 specification. As indicated in the specification, the claim is compulsory inside the https://openid.net/specs/openid-connect-core-1_0.html#IDToken[ID token] when the same parameter was sent in the authorization request. The specification also recommends to not add the `nonce` after a https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse[refresh request]. Previously, the claim was set to all the tokens (Access, Refresh and ID) in all the responses (refresh included).
A new `Nonce backwards compatible` mapper is also included in the software that can be assigned to client scopes to revert to the old behavior. For example, the JS adapter checked the returned `nonce` claim in all the tokens before fixing issue https://github.com/keycloak/keycloak/issues/26651[#26651] in version 24.0.0. Therefore, if an old version of the JS adapter is used, the mapper should be added to the required clients by using client scopes.
= Limiting memory usage when consuming HTTP responses
In some scenarios like brokering Keycloak uses HTTP to talk to external servers.
To avoid a denial of service when those providers send too much data, {project_name} now restricts responses to 10 MB by default.
Users can configure this limit by setting the provider configuration option `spi-connections-http-client-default-max-consumed-response-size`:
.Restricting the consumed responses to 1 MB
[source,bash]
----
bin/kc.[sh|bat] --spi-connections-http-client-default-max-consumed-response-size=1000000
----
= Removed a model module
The module `org.keycloak:keycloak-model-legacy` module was deprecated in a previous release and is removed in this release. Use the `org.keycloak:keycloak-model-storage` module instead.
Reference in a new issue View git blame Copy permalink