624e8fe663
Closes #10610
150 lines
2.6 KiB
Text
150 lines
2.6 KiB
Text
[[profiles]]
|
|
|
|
== Profiles
|
|
|
|
There are features in {project_name} that are not enabled by default, these include features that are not fully
|
|
supported. In addition there are some features that are enabled by default, but that can be disabled.
|
|
|
|
The features that can be enabled and disabled are:
|
|
|
|
[cols="4*", options="header"]
|
|
|===
|
|
|Name
|
|
|Description
|
|
|Enabled by default
|
|
|Support level
|
|
|
|
|account2
|
|
|New Account Management Console
|
|
|Yes
|
|
|Supported
|
|
|
|
|account_api
|
|
|Account Management REST API
|
|
|Yes
|
|
|Supported
|
|
|
|
|admin_fine_grained_authz
|
|
|Fine-Grained Admin Permissions
|
|
|No
|
|
|Preview
|
|
|
|
|ciba
|
|
|OpenID Connect Client Initiated Backchannel Authentication (CIBA)
|
|
|Yes
|
|
|Supported
|
|
|
|
|client_policies
|
|
|Add client configuration policies
|
|
|Yes
|
|
|Supported
|
|
|
|
|client_secret_rotation
|
|
|Enables client secret rotation for confidential clients
|
|
|Yes
|
|
|Preview
|
|
|
|
|par
|
|
|OAuth 2.0 Pushed Authorization Requests (PAR)
|
|
|Yes
|
|
|Supported
|
|
|
|
|declarative_user_profile
|
|
|Configure user profiles using a declarative style
|
|
|No
|
|
|Preview
|
|
|
|
|docker
|
|
|Docker Registry protocol
|
|
|No
|
|
|Supported
|
|
|
|
|impersonation
|
|
|Ability for admins to impersonate users
|
|
|Yes
|
|
|Supported
|
|
|
|
|openshift_integration
|
|
|Extension to enable securing OpenShift
|
|
|No
|
|
|Preview
|
|
|
|
|recovery_codes
|
|
|Recovery codes for authentication
|
|
|No
|
|
|Preview
|
|
|
|
|scripts
|
|
|Write custom authenticators using JavaScript
|
|
|No
|
|
|Preview
|
|
|
|
|step_up_authentication
|
|
|Step-up authentication
|
|
|Yes
|
|
|Supported
|
|
|
|
|token_exchange
|
|
|Token Exchange Service
|
|
|No
|
|
|Preview
|
|
|
|
|upload_scripts
|
|
|Upload scripts
|
|
|No
|
|
|Deprecated
|
|
|
|
|web_authn
|
|
|W3C Web Authentication (WebAuthn)
|
|
|Yes
|
|
|Supported
|
|
|
|
|===
|
|
|
|
To enable all preview features start the server with:
|
|
|
|
[source]
|
|
----
|
|
bin/standalone.sh|bat -Dkeycloak.profile=preview
|
|
----
|
|
|
|
You can set this permanently by creating the file `standalone/configuration/profile.properties`
|
|
(or `domain/servers/server-one/configuration/profile.properties` for `server-one` in domain mode). Add the following to
|
|
the file:
|
|
|
|
[source]
|
|
----
|
|
profile=preview
|
|
----
|
|
|
|
To enable a specific feature start the server with:
|
|
|
|
[source]
|
|
----
|
|
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled
|
|
----
|
|
|
|
For example to enable Docker use `-Dkeycloak.profile.feature.docker=enabled`.
|
|
|
|
You can set this permanently in the `profile.properties` file by adding:
|
|
|
|
[source]
|
|
----
|
|
feature.docker=enabled
|
|
----
|
|
|
|
To disable a specific feature start the server with:
|
|
|
|
[source]
|
|
----
|
|
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled
|
|
----
|
|
|
|
For example to disable Impersonation use `-Dkeycloak.profile.feature.impersonation=disabled`.
|
|
|
|
You can set this permanently in the `profile.properties` file by adding:
|
|
|
|
[source]
|
|
----
|
|
feature.impersonation=disabled
|
|
----
|