keycloak-scim/server_installation/topics/profiles.adoc
2022-04-19 13:59:25 +02:00

150 lines
2.6 KiB
Text

[[profiles]]
== Profiles
There are features in {project_name} that are not enabled by default, these include features that are not fully
supported. In addition there are some features that are enabled by default, but that can be disabled.
The features that can be enabled and disabled are:
[cols="4*", options="header"]
|===
|Name
|Description
|Enabled by default
|Support level
|account2
|New Account Management Console
|Yes
|Supported
|account_api
|Account Management REST API
|Yes
|Supported
|admin_fine_grained_authz
|Fine-Grained Admin Permissions
|No
|Preview
|ciba
|OpenID Connect Client Initiated Backchannel Authentication (CIBA)
|Yes
|Supported
|client_policies
|Add client configuration policies
|Yes
|Supported
|client_secret_rotation
|Enables client secret rotation for confidential clients
|Yes
|Preview
|par
|OAuth 2.0 Pushed Authorization Requests (PAR)
|Yes
|Supported
|declarative_user_profile
|Configure user profiles using a declarative style
|No
|Preview
|docker
|Docker Registry protocol
|No
|Supported
|impersonation
|Ability for admins to impersonate users
|Yes
|Supported
|openshift_integration
|Extension to enable securing OpenShift
|No
|Preview
|recovery_codes
|Recovery codes for authentication
|No
|Preview
|scripts
|Write custom authenticators using JavaScript
|No
|Preview
|step_up_authentication
|Step-up authentication
|Yes
|Supported
|token_exchange
|Token Exchange Service
|No
|Preview
|upload_scripts
|Upload scripts
|No
|Deprecated
|web_authn
|W3C Web Authentication (WebAuthn)
|Yes
|Supported
|===
To enable all preview features start the server with:
[source]
----
bin/standalone.sh|bat -Dkeycloak.profile=preview
----
You can set this permanently by creating the file `standalone/configuration/profile.properties`
(or `domain/servers/server-one/configuration/profile.properties` for `server-one` in domain mode). Add the following to
the file:
[source]
----
profile=preview
----
To enable a specific feature start the server with:
[source]
----
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled
----
For example to enable Docker use `-Dkeycloak.profile.feature.docker=enabled`.
You can set this permanently in the `profile.properties` file by adding:
[source]
----
feature.docker=enabled
----
To disable a specific feature start the server with:
[source]
----
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled
----
For example to disable Impersonation use `-Dkeycloak.profile.feature.impersonation=disabled`.
You can set this permanently in the `profile.properties` file by adding:
[source]
----
feature.impersonation=disabled
----