keycloak-scim/docs/documentation/release_notes/topics/20_0_0.adoc
2023-05-16 08:59:11 +02:00

93 lines
4.7 KiB
Text

= WildFly distribution removed
In Keycloak 17.0.0 the new Quarkus based distribution of Keycloak, while the WildFly based distribution was deprecated.
With this release the WildFly distribution has been removed, and is no longer supported.
If you are still using the WildFly distribution we highly encourage migrating to the Quarkus distribution as soon as
possible, see the https://www.keycloak.org/migration/migrating-to-quarkus[Migration Guide] for more details.
= New Keycloak Operator upgrade
We are happy to announce that the new Keycloak Operator for the Quarkus based distribution is no longer a preview
feature. We added new functionality as well as a number of improvements, some which has resulted in breaking changes.
== Realm Operator
As the new Operator currently lacks some of the CRs (e.g. Client and User), we're introducing a temporary workaround in
the form of a Realm Operator. Please see its https://github.com/keycloak/keycloak-realm-operator[GitHub Repository] for
more details. See also https://www.keycloak.org/2022/09/operator-crs["The future of Keycloak Operator CRs" blogpost].
= Supported OpenJDK versions
Keycloak now supports OpenJDK 17 both for the server and adapters.
With the removal of the WildFly based distribution there is no longer support for running the Keycloak server on OpenJDK 8.
We also plan to remove support for Keycloak adapters on OpenJDK 8 in Keycloak 21.
Starting with Keycloak 22 we plan to only support the latest OpenJDK LTS release and aiming to quickly also support the
latest OpenJDK release. That means we will be also removing OpenJDK 11 support for the Keycloak server in Keycloak 22.
= Hostname provider now supports configuring the complete base URL
In this release, we are introducing two additional server options to set the base URL for frontend request and the Admin
Console:
* `hostname-url`
* `hostname-admin-url`
More details can be found at the https://www.keycloak.org/server/hostname[Configuring the Hostname] {section}.
= Improvements to `kc.bat` when running Keycloak on Windows
In this release, we are making important changes to `kc.bat` to give the same experience as when running on Linux.
= Upgrade of embedded H2 database
{project_name} ships for development purposes with an H2 database driver. As it is intended for development purposes
only, it should never be used in a production environment.
In this release, the H2 driver has been upgraded from version 1.x to version 2.x.
= Feature guard for hosting the Keycloak JavaScript adapter
Applications are able to load `keycloak.js` directly from the Keycloak server. As it's not considered a best-practice
to load JavaScript libraries this way there is now a feature guard that allows disabling this ability.
In Keycloak 21 we will deprecate this option, and in Keycloak 22 we plan to completely remove the ability to load
`keycloak.js` from the Keycloak server.
= OTP Application SPI
In previous releases the list of OTP applications displayed to users was hard-coded in Keycloak. With the introduction of
the OTP Application SPI it is now possible to disable built-in OTP applications, as well as adding custom OTP Applications.
= Custom Identity Providers can now set an icon for the provider
A custom identity provider can now set the icon used on the login pages. Thanks to https://github.com/klausbetz[Klaus Betz],
who happens also to maintain
https://github.com/klausbetz/apple-identity-provider-keycloak[an extension to Keycloak to support log in with AppleID].
= FIPS 140-2 experimental support
There is now experimental support for deploying Keycloak into a FIPS 140-2 enabled environment. There will be a blog post
with the details shortly after the release with the details how you can try it. Feedback is welcome!
Thanks to https://github.com/david-rh[David Anderson], who contributed parts of this feature. Also, thanks to
https://github.com/sudeepd[Sudeep Das] and https://github.com/isaacjensen[Isaac Jensen] for their initial prototype
effort, which was used as an inspiration.
= Search groups by attribute
It is now possible to search groups by attribute through the Admin REST API. Thanks to
https://github.com/Redhat-Alice[Alice] for this contribution.
= View group membership in the account console
It is now possible to allow users to view their group memberships in the account console. Thanks to
https://github.com/cgeorgilakis[cgeorgilakis] for this contribution.
= Deprecated methods from data providers and models were removed
Several deprecated methods were removed from data providers and models. If not done already, their usage needs to be
replaced with the corresponding replacement documented in Javadoc of Keycloak 19 release. See
link:{upgradingguide_link}[{upgradingguide_name}] for more details.