keycloak-scim/release_notes/topics/18_0_0.adoc
Dominik Guhr 7f1b39b220
Quarkus Distribution release notes (#1479)
* Quarkus Distribution release notes

Closes #1478

* Update upgrading/topics/keycloak/changes-18_0_0.adoc

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>

* Apply suggestions from code review

Co-authored-by: Stian Thorgersen <stian@redhat.com>

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2022-04-20 09:19:44 +02:00


= Highlights
== New Admin Console preview
The new Admin Console has now graduated to preview, with the plan for it to become the default admin console in Keycloak 19.
If you find any issues with the new console, or have some suggestions for improvements, please let us know through https://github.com/keycloak/keycloak/discussions/categories/new-admin-console[GitHub Discussions].
== Step-up authentication
{project_name} now supports Step-up authentication. This feature was added in Keycloak 17, and was further polished in this version.
For more details, see link:{adminguide_link}#_step-up-flow[{adminguide_name}].
Thanks to https://github.com/CorneliaLahnsteiner[Cornelia Lahnsteiner] and https://github.com/romge[Georg Romstorfer] for the contribution.
== Client secret rotation
{project_name} now supports Client Secret Rotation through customer policies. This feature is now available as a preview feature. It allows confidential clients to be provided with realm policies that permit the use of up to two secrets simultaneously.
For more details, see link:{adminguide_link}#_secret_rotation[{adminguide_name}].
== Recovery Codes
Recovery Codes, as another way to do two-factor authentication, are now available as a preview feature.
== OpenID Connect Logout Improvements
Some fixes and improvements were made to make sure that {project_name} is now fully compliant with all the OpenID Connect logout specifications:
* OpenID Connect RP-Initiated Logout 1.0
* OpenID Connect Front-Channel Logout 1.0
* OpenID Connect Back-Channel Logout 1.0
* OpenID Connect Session Management 1.0
For more details, see link:{adminguide_link}#_oidc-logout[{adminguide_name}].
== WebAuthn improvements
{project_name} now supports WebAuthn id-less authentication. With this feature, the WebAuthn Security Key identifies the user during authentication, as long as the
security key supports Resident Keys. For more details, see link:{adminguide_link}#_webauthn_loginless[{adminguide_name}].
Thanks to https://github.com/vanrar68[Joaquim Fellmann] for the contribution.
There are more WebAuthn improvements and fixes in addition to that.
== Session limits
{project_name} now supports limits on the number of sessions a user can have. Limits can be placed at the realm level or at the client level.
For more details, see link:{adminguide_link}#_user_session_limits[{adminguide_name}].
Thanks to https://github.com/mfdewit[Mauro de Wit] for the contribution.
== Quarkus distribution
=== Import realms at startup
The {project_name} Quarkus distribution now supports importing your realms directly at start-up. For more information, check the corresponding https://www.keycloak.org/server/importExport[guide].
=== JSON and File Logging improvements
The {project_name} Quarkus distribution now has initial support for logging to a file and for logging structured data using JSON.
For more information on the improvements, check the corresponding https://www.keycloak.org/server/logging[guide].
=== Environment variable expansion for values in keycloak.conf
The {project_name} Quarkus distribution now supports expanding values in keycloak.conf from environment variables. For example, `log-level=${ROOT_LOG_LVL:info}` looks for an environment variable named `ROOT_LOG_LVL` first and defaults to `info` if it cannot find it.
For more information, check the corresponding https://www.keycloak.org/server/configuration[guide].
=== New Option db-url-port
You can now change the port of your JDBC connection string explicitly by setting the new `db-url-port` configuration option. As with the other convenience options, this option is overridden by the value of a full `db-url`, if set.
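
The following pre-flight check is an added example, not code from the {project_name} project: it applies the two rules described above (environment variable first, then the inline default; a full `db-url` overrides `db-url-port`) to a constructed keycloak.conf so you can see which values take effect. The function names, the `DB_PASS` variable and the sample values are assumptions; how the server treats an unset variable that has no default is not stated here, so the check only reports it.

```python
import re

# ${NAME} or ${NAME:default}, the form shown in the release note.
EXPR = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::([^}]*))?\}")

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def expand(value, env):
    """Return (resolved value, list of variable names left unresolved)."""
    missing = []
    def sub(m):
        if m.group(1) in env:           # environment variable wins
            return env[m.group(1)]
        if m.group(2) is not None:      # otherwise use the inline default
            return m.group(2)
        missing.append(m.group(1))      # neither: keep the expression as-is
        return m.group(0)
    return EXPR.sub(sub, value), missing

def preflight(text, env):
    """Resolve every option and collect warnings for review."""
    resolved, warnings = {}, []
    for key, raw in parse_conf(text).items():
        resolved[key], missing = expand(raw, env)
        for name in missing:
            warnings.append(f"{key}: ${{{name}}} is unset and has no default")
    if "db-url" in resolved and "db-url-port" in resolved:
        warnings.append("db-url-port is overridden by the full db-url")
    return resolved, warnings

# Constructed sample file, not taken from a real deployment.
SAMPLE_CONF = """\
log-level=${ROOT_LOG_LVL:info}
db-password=${DB_PASS}
db-url-port=5433
db-url=jdbc:postgresql://db.example.internal:5432/keycloak
"""

if __name__ == "__main__":
    print(preflight(SAMPLE_CONF, {"ROOT_LOG_LVL": "debug"})[1])
```

Pass `dict(os.environ)` as `env` to check a real file; print only the warnings, since the resolved values can contain secrets.
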
=== Split metrics-enabled option into health-enabled and metrics-enabled
The `metrics-enabled` option now only enables the metrics for {project_name}. To enable the readiness and liveness probes, there is the new build option `health-enabled`. This allows more fine-grained usage of these options.
== Other improvements
* Account console alignments with latest PatternFly release.
* Support for encrypted User Info endpoint response. Thanks to https://github.com/giacomoa[Giacomo Altiero]
* Support for the algorithm RSA-OAEP with A256GCM used for encryption keys. Thanks to https://github.com/fbrissi[Filipe Bojikian Rissi]
* Support for login with GitHub Enterprise server. Thanks to https://github.com/nngo[Neon Ngo]