keycloak-scim/release_notes/topics/10_0_0.adoc

44 lines
No EOL
1.7 KiB
Text

= Highlights
== Identity Brokering Sync Mode
With Identity Brokering Sync Mode it is now possible to control if user profiles are updated on first login, or
every login from an external Identity Provider. It is also possible to override this behaviour on individual mappers.
Thanks to https://github.com/Martin-Idel-SI[Martin Idel]
== Client Session Timeout for OpenID Connect / OAuth 2.0
Typically, an SSO session last for days if not months, while individual client sessions should ideally be a lot shorter.
With the introduction of client session timeout it is now possible to configure a separate timeout for individual clients,
as well as a default for all clients within a realm.
Thanks to https://github.com/y-tabata[Yoshiyuki Tabata]
== OAuth 2.0 Token Revocation (RFC 7009)
For applications that use Keycloak as an OAuth 2.0 Authorization Server there is now support to revoke refresh tokens
through the token revocation endpoint.
Thanks to https://github.com/y-tabata[Yoshiyuki Tabata]
== Security Headers SPI and Response Filter
A new SPI was introduced to allow better flexibility when setting security related headers on responses. This provides
a cleaner implementation within Keycloak, but also allows full customisation if needed. Security headers are now set
by a response filter instead of within the code itself, which makes it less error-prone, removing the chance that
some response are missing headers.
== Upgrade to WildFly 19
Keycloak server was upgraded to use WildFly 19 under the covers.
== Other improvements
* Support for invoking Application Initiated Actions added to Keycloak JavaScript adapter
* Performance improvements to fetching resources and policies during evaluation