Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 14. Enabling and disabling features


Red Hat build of Keycloak has packed some functionality in features, including some disabled features, such as Technology Preview and deprecated features. Other features are enabled by default, but you can disable them if they do not apply to your use of Red Hat build of Keycloak.

14.1. Enabling features

Some supported features, and all preview features, are disabled by default. To enable a feature, enter this command:

bin/kc.[sh|bat] build --features="<name>[,<name>]"

For example, to enable docker and token-exchange, enter this command:

bin/kc.[sh|bat] build --features="docker,token-exchange"

To enable all preview features, enter this command:

bin/kc.[sh|bat] build --features="preview"

Enabled feature may be versioned, or unversioned. If you use a versioned feature name, e.g. feature:v1, that exact feature version will be enabled as long as it still exists in the runtime. If you instead use an unversioned name, e.g. just feature, the selection of the particular supported feature version may change from release to release according to the following precedence:

  1. The highest default supported version
  2. The highest non-default supported version
  3. The highest deprecated version
  4. The highest preview version
  5. The highest experimental version

14.2. Disabling features

To disable a feature that is enabled by default, enter this command:

bin/kc.[sh|bat] build --features-disabled="<name>[,<name>]"

For example to disable impersonation, enter this command:

bin/kc.[sh|bat] build --features-disabled="impersonation"

It is not allowed to have a feature in both the features-disabled list and the features list.

When a feature is disabled all versions of that feature are disabled.

14.3. Supported features

The following list contains supported features that are enabled by default, and can be disabled if not needed.

account-api
Account Management REST API
account-v3
Account Console version 3
admin-api
Admin API
admin-v2
New Admin Console
authorization
Authorization Service
ciba
OpenID Connect Client Initiated Backchannel Authentication (CIBA)
client-policies
Client configuration policies
device-flow
OAuth 2.0 Device Authorization Grant
hostname-v2
Hostname Options V2
impersonation
Ability for admins to impersonate users
kerberos
Kerberos
login-v2
New Login Theme
organization
Organization support within realms
par
OAuth 2.0 Pushed Authorization Requests (PAR)
persistent-user-sessions
Persistent online user sessions across restarts and upgrades
step-up-authentication
Step-up Authentication
web-authn
W3C Web Authentication (WebAuthn)

14.3.1. Disabled by default

The following list contains supported features that are disabled by default, and can be enabled if needed.

docker
Docker Registry protocol
fips
FIPS 140-2 mode
multi-site
Multi-site support

14.4. Preview features

Preview features are disabled by default and are not recommended for use in production. These features may change or be removed at a future release.

admin-fine-grained-authz
Fine-Grained Admin Permissions
client-secret-rotation
Client Secret Rotation
dpop
OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer
opentelemetry
OpenTelemetry Tracing
passkeys
Passkeys
recovery-codes
Recovery codes
scripts
Write custom authenticators using JavaScript
token-exchange
Token Exchange Service
update-email
Update Email Action

14.5. Deprecated features

The following list contains deprecated features that will be removed in a future release. These features are disabled by default.

login-v1
Legacy Login Theme

14.6. Relevant options

 Value

features 🛠

Enables a set of one or more features.

CLI: --features
Env: KC_FEATURES

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1], admin[:v2], authorization[:v1], cache-embedded-remote-store[:v1], ciba[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], kerberos[:v1], login[:v2,v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn[:v1]

features-disabled 🛠

Disables a set of one or more features.

CLI: --features-disabled
Env: KC_FEATURES_DISABLED

account, account-api, admin, admin-api, admin-fine-grained-authz, authorization, cache-embedded-remote-store, ciba, client-policies, client-secret-rotation, client-types, clusterless, declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, kerberos, login, multi-site, oid4vc-vci, opentelemetry, organization, par, passkeys, persistent-user-sessions, preview, recovery-codes, scripts, step-up-authentication, token-exchange, transient-users, update-email, web-authn

Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.