Chapter 5. Profiles
There are features in Red Hat Single Sign-On that are not enabled by default, these include features that are not fully supported. In addition there are some features that are enabled by default, but that can be disabled.
The features that can be enabled and disabled are:
Name | Description | Enabled by default | Support level |
---|---|---|---|
account2 | New Account Management Console | No | Preview |
account_api | Account Management REST API | No | Preview |
admin_fine_grained_authz | Fine-Grained Admin Permissions | No | Preview |
docker | Docker Registry protocol | No | Supported |
impersonation | Ability for admins to impersonate users | Yes | Supported |
openshift_integration | Extension to enable securing OpenShift | No | Preview |
scripts | Write custom authenticators using JavaScript | No | Preview |
token_exchange | Token Exchange Service | No | Preview |
upload_scripts | Upload scripts through the Red Hat Single Sign-On REST API | No | Deprecated |
web_authn | W3C Web Authentication (WebAuthn) | No | Preview |
To enable all preview features start the server with:
bin/standalone.sh|bat -Dkeycloak.profile=preview
You can set this permanently by creating the file standalone/configuration/profile.properties
(or domain/servers/server-one/configuration/profile.properties
for server-one
in domain mode). Add the following to the file:
profile=preview
To enable a specific feature start the server with:
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled
For example to enable Docker use -Dkeycloak.profile.feature.docker=enabled
.
You can set this permanently in the profile.properties
file by adding:
feature.docker=enabled
To disable a specific feature start the server with:
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled
For example to disable Impersonation use -Dkeycloak.profile.feature.impersonation=disabled
.
You can set this permanently in the profile.properties
file by adding:
feature.impersonation=disabled