libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions 6
keycloak-scim/docs/documentation/release_notes/topics/23_0_0.adoc
mposolda 4ec85707f4 Upgrading notes for user profile 
closes #24491

Signed-off-by: mposolda <mposolda@gmail.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2023-11-06 02:19:26 -08:00

62 lines
4.3 KiB
Text
Raw Blame History

= Localization files for themes default to UTF-8 encoding
Message properties files for themes are now read in UTF-8 encoding, with an automatic fallback to ISO-8859-1 encoding.
See the migration guide for more details.
= FAPI 2 drafts support
Keycloak has new client profiles `fapi-2-security-profile` and `fapi-2-message-signing`, which ensure Keycloak enforces compliance with
the latest FAPI 2 draft specifications when communicating with your clients. Thanks to https://github.com/tnorimat[Takashi Norimatsu] for the contribution.
= DPoP preview support
Keycloak has preview for support for OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP). Thanks to
https://github.com/tnorimat[Takashi Norimatsu] and https://github.com/dteleguin[Dmitry Telegin] for their contributions.
= Passkeys support
Keycloak has preview support for https://fidoalliance.org/passkeys/[Passkeys].
Passkey registration and authentication are realized by the features of WebAuthn.
Therefore, users of Keycloak can do passkey registration and authentication by existing WebAuthn registration and authentication.
Both synced passkeys and device-bound passkeys can be used for both Same-Device and Cross-Device Authentication.
However, passkeys operations success depends on the user's environment. Make sure which operations can succeed in https://passkeys.dev/device-support/[the environment].
Thanks to https://github.com/tnorimat[Takashi Norimatsu] for the contribution and thanks to https://github.com/thomasdarimont[Thomas Darimont] for the help with the
ideas and testing of this feature.
= WebAuthn improvements
WebAuthn policy now includes a new field: `Extra Origins`. It provides better interoperability with non-Web platforms (for example, native mobile applications).
Thanks to https://github.com/akunzai[Charley Wu] for the contribution.
= RESTEasy Reactive
Keycloak has switched to RESTEasy Reactive. Applications using `quarkus-resteasy-reactive` should still benefit from a better startup time, runtime performance, and memory footprint, even though not using reactive style/semantics. SPI's that depend directly on JAX-RS API should be compatible with this change. SPI's that depend on RESTEasy Classic including `ResteasyClientBuilder` will not be compatible and will require update, this will also be true for other implementation of the JAX-RS API like Jersey.
= More flexibility for introspection endpoint
In previous versions, introspection endpoint automatically returned most claims, which were available in the access token. Now there is new
switch `Add to token introspection` on most of protocol mappers. This addition allows more flexibility as introspection endpoint can return different
claims than access token. This is first step towards "Lightweight access tokens" support as access tokens can omit lots of the claims, which would be still returned
by the introspection endpoint. When migrating from previous versions, the introspection endpoint should return same claims, which are returned from access token,
so the behavior should be effectively the same by default after the migration. Thanks to https://github.com/skabano[Shigeyuki Kabano] for the contribution.
= Feature flag for OAuth 2.0 device authorization grant flow
The OAuth 2.0 device authorization grant flow now includes a feature flag, so you can easily disable this feature. This feature is still enabled by default.
Thanks to https://github.com/thomasdarimont[Thomas Darimont] for the contribution.
= Group scalability improvements
Performance around searching of groups is improved for the use-cases with many groups and subgroups. There are improvements, which allow
paginated lookup of subgroups. Thanks to https://github.com/alice-wondered[Alice] for the contribution.
= User profile improvements
Declarative user profile is still a preview feature in this release, but we are working hard on promoting it to a supported feature. Feedback is welcome.
If you find any issues or have any improvements in mind, you are welcome to create https://github.com/keycloak/keycloak/issues/new/choose[Github issue],
ideally with the label `area/user-profile`. It is also recommended to check the link:{upgradingguide_link}[{upgradingguide_name}] with the migration changes for this
release for some additional informations related to the migration.
Reference in a new issue View git blame Copy permalink