Chapter 11. Enabling and disabling features
Red Hat build of Keycloak has packed some functionality in features, including some disabled features, such as Technology Preview and deprecated features. Other features are enabled by default, but you can disable them if they do not apply to your use of Red Hat build of Keycloak.
11.1. Enabling features
Some supported features, and all preview features, are disabled by default. To enable a feature, enter this command:
bin/kc.[sh|bat] build --features="<name>[,<name>]"
For example, to enable docker and token-exchange, enter this command:
bin/kc.[sh|bat] build --features="docker,token-exchange"
To enable all preview features, enter this command:
bin/kc.[sh|bat] build --features="preview"
11.2. Disabling features
To disable a feature that is enabled by default, enter this command:
bin/kc.[sh|bat] build --features-disabled="<name>[,<name>]"
For example to disable impersonation, enter this command:
bin/kc.[sh|bat] build --features-disabled="impersonation"
You can disable all default features by entering this command:
bin/kc.[sh|bat] build --features-disabled="default"
This command can be used in combination with features to explicitly set what features should be available. If a feature is added both to the features-disabled list and the features list, it will be enabled.
11.3. Supported features
The following list contains supported features that are enabled by default, and can be disabled if not needed.
- account-api
- Account Management REST API
- account2
- Account Management Console version 2
- admin-api
- Admin API
- admin2
- New Admin Console
- authorization
- Authorization Service
- ciba
- OpenID Connect Client Initiated Backchannel Authentication (CIBA)
- client-policies
- Client configuration policies
- impersonation
- Ability for admins to impersonate users
- js-adapter
- Host keycloak.js and keycloak-authz.js through the Keycloak server
- kerberos
- Kerberos
- par
- OAuth 2.0 Pushed Authorization Requests (PAR)
- step-up-authentication
- Step-up Authentication
- web-authn
- W3C Web Authentication (WebAuthn)
11.3.1. Disabled by default
The following list contains supported features that are disabled by default, and can be enabled if needed.
- docker
- Docker Registry protocol
- fips
- FIPS 140-2 mode
11.4. Preview features
Preview features are disabled by default and are not recommended for use in production. These features may change or be removed at a future release.
- account3
- Account Management Console version 3
- admin-fine-grained-authz
- Fine-Grained Admin Permissions
- client-secret-rotation
- Client Secret Rotation
- declarative-user-profile
- Configure user profiles using a declarative style
- multi-site
- Multi-site support
- recovery-codes
- Recovery codes
- scripts
- Write custom authenticators using JavaScript
- token-exchange
- Token Exchange Service
- update-email
- Update Email Action
11.5. Deprecated features
The following list contains deprecated features that will be removed in a future release. These features are disabled by default.
- linkedin-oauth
- LinkedIn Social Identity Provider based on OAuth
11.6. Relevant options
| Value | |
|---|---|
| 🛠
CLI: |
|
| 🛠
CLI: |
|
