Keycloak

Форк
0
118 строк · 6.2 Кб
1
= New Operator preview
2

3
With this release, we're introducing a brand new {project_operator} as a preview. Apart from being rewritten from
4
scratch, the main user-facing change from the legacy Operator is the used {project_name} distribution – the new Operator
5
uses the Quarkus distribution of {project_name}. With that, the API (in form of Custom Resource Definitions) has changed.
6
For details, incl. installation and migration instructions, see the https://www.keycloak.org/guides#operator[Operator related guides].
7

8
The link:{operatorRepo_link}[legacy Operator] will receive updates until Keycloak 20 when the {project_name} WildFly
9
distribution reaches EOL.
10

11
== OperatorHub versioning scheme
12
To avoid version conflicts with the legacy Operator, the 18.0.0 version of the new Operator is released as version
13
`20.0.0-alpha.1` on OperatorHub. The legacy Operator versioning scheme remains the same, i.e. it is released as 18.0.0.
14

15
The same pattern will apply for future {project_name} 18 and 19 releases, until version 20 where the legacy Operator
16
reaches EOL.
17

18
= New Admin Console preview
19

20
The new Admin Console is now graduated to preview, with the plan for it to become the default admin console in Keycloak 19.
21

22
If you find any issues with the new console, or have some suggestions for improvements, please let us know through https://github.com/keycloak/keycloak/discussions/categories/new-admin-console[GitHub Discussions].
23

24
= Step-up authentication
25

26
{project_name} now supports Step-up authentication. This feature was added in Keycloak 17, and was further polished in this version.
27

28
For more details, see link:{adminguide_link}#_step-up-flow[{adminguide_name}].
29

30
Thanks to https://github.com/CorneliaLahnsteiner[Cornelia Lahnsteiner] and https://github.com/romge[Georg Romstorfer] for the contribution.
31

32
= Client secret rotation
33

34
{project_name} now supports Client Secret Rotation through customer policies. This feature is now available as a preview feature and allows that confidential clients can be provided with realm policies allowing the use up to two secrets simultaneously.
35

36
For more details, see link:{adminguide_link}#_secret_rotation[{adminguide_name}].
37

38
= Recovery Codes
39

40
Recovery Codes as another way to do two-factor authentication is now available as a preview feature.
41

42
= OpenID Connect Logout Improvements
43

44
Some fixes and improvements were made to make sure that {project_name} is now fully compliant with all the OpenID Connect logout specifications:
45

46
* OpenID Connect RP-Initiated Logout 1.0
47
* OpenID Connect Front-Channel Logout 1.0
48
* OpenID Connect Back-Channel Logout 1.0
49
* OpenID Connect Session Management 1.0
50

51
For more details, see link:{adminguide_link}#_oidc-logout[{adminguide_name}].
52

53
= WebAuthn improvements
54

55
{project_name} now supports WebAuthn id-less authentication. This feature allows that WebAuthn Security Key will identify the user during authentication as long as the
56
security key supports Resident Keys. For more details, see link:{adminguide_link}#_webauthn_loginless[{adminguide_name}].
57
Thanks to https://github.com/vanrar68[Joaquim Fellmann] for the contribution.
58

59
There are more WebAuthn improvements and fixes in addition to that.
60

61
= The deprecated `upload-script` feature was removed
62

63
The `upload-script` feature has been marked as deprecated for a very long time. In this release, it was completely removed, and it is no longer supported.
64

65
If you are using any of these capabilities:
66

67
* OpenID Connect Script Mapper
68
* Script Authenticator (Authentication Execution)
69
* JavaScript Policies
70

71
You should consider reading this https://www.keycloak.org/docs/latest/server_development/#_script_providers[documentation] in order to understand how to still rely
72
on these capabilities but deploying your scripts to the server rather than managing them through the management interfaces.
73

74
= Session limits
75

76
{project_name} now supports limits on the number of sessions a user can have. Limits can be placed at the realm level or at the client level.
77

78
For more details, see link:{adminguide_link}#_user_session_limits[{adminguide_name}].
79
Thanks to https://github.com/mfdewit[Mauro de Wit] for the contribution.
80

81
= SAML ECP Profile is disabled by default
82

83
To mitigate the risk of abusing SAML ECP Profile, {project_name} now blocks
84
this flow for all SAML clients that do not allow it explicitly. The profile
85
can be enabled using _Allow ECP Flow_ flag within client configuration,
86
see  link:{adminguide_link}#_client-saml-configuration[{adminguide_name}].
87

88
= Quarkus distribution
89

90
== Import realms at startup
91

92
The {project_name} Quarkus distribution now supports importing your realms directly at start-up. For more information, check the corresponding https://www.keycloak.org/server/importExport[guide].
93

94
== JSON and File Logging improvements
95

96
The {project_name} Quarkus distribution now initially supports logging to a File and logging structured data using JSON.
97

98
For more information on the improvements, check the corresponding https://www.keycloak.org/server/logging[Logging] {section}.
99

100
=== Environment variable expansion for values in keycloak.conf
101

102
The {project_name} Quarkus distribution now supports expanding values in keycloak.conf from environment variables.
103

104
For more information, check the corresponding https://www.keycloak.org/server/configuration[guide].
105

106
== New Option db-url-port
107

108
You can now change the port of your jdbc connection string explicitly by setting the new `db-url-port` configuration option. As for the other convenience options, this option will be overridden by the value of a full `db-url`, if set.
109

110
== Split metrics-enabled option into health-enabled and metrics-enabled
111
The `metrics-enabled` option now only enables the metrics for {project_name}. To enable the readiness and liveness probe, there's the new build option `health-enabled`. This allows more fine-grained usage of these options.
112

113
= Other improvements
114

115
* Account console alignments with latest PatternFly release.
116
* Support for encrypted User Info endpoint response. Thanks to https://github.com/giacomoa[Giacomo Altiero]
117
* Support for the algorithm RSA-OAEP with A256GCM used for encryption keys. Thanks to https://github.com/fbrissi[Filipe Bojikian Rissi]
118
* Support for login with GitHub Enterprise server. Thanks to https://github.com/nngo[Neon Ngo]
119

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.