Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 14. Enabling and disabling features

Configure Red Hat build of Keycloak to use optional features.

Red Hat build of Keycloak has packed some functionality in features, including some disabled features, such as Technology Preview and deprecated features. Other features are enabled by default, but you can disable them if they do not apply to your use of Red Hat build of Keycloak.

14.1. Enabling features
Copiar o link

Some supported features, and all preview features, are disabled by default. To enable a feature, enter this command: 

bin/kc.[sh|bat] build --features="<name>[,<name>]"
Copy to Clipboard Toggle word wrap

For example, to enable docker and token-exchange, enter this command: 

bin/kc.[sh|bat] build --features="docker,token-exchange"
Copy to Clipboard Toggle word wrap

To enable all preview features, enter this command: 

bin/kc.[sh|bat] build --features="preview"
Copy to Clipboard Toggle word wrap

Enabled feature may be versioned, or unversioned. If you use a versioned feature name, e.g. feature:v1, that exact feature version will be enabled as long as it still exists in the runtime. If you instead use an unversioned name, e.g. just feature, the selection of the particular supported feature version may change from release to release according to the following precedence:

  1. The highest default supported version
  2. The highest non-default supported version
  3. The highest deprecated version
  4. The highest preview version
  5. The highest experimental version

14.2. Disabling features
Copiar o link

To disable a feature that is enabled by default, enter this command: 

bin/kc.[sh|bat] build --features-disabled="<name>[,<name>]"
Copy to Clipboard Toggle word wrap

For example to disable impersonation, enter this command: 

bin/kc.[sh|bat] build --features-disabled="impersonation"
Copy to Clipboard Toggle word wrap

It is not allowed to have a feature in both the features-disabled list and the features list.

When a feature is disabled all versions of that feature are disabled.

14.3. Supported features
Copiar o link

The following list contains supported features that are enabled by default, and can be disabled if not needed.

Expand
FeatureDescription

account-api:v1

Account Management REST API

account:v3

Account Console version 3

admin-api:v1

Admin API

admin-fine-grained-authz:v2

Fine-Grained Admin Permissions version 2

admin:v2

New Admin Console

authorization:v1

Authorization Service

ciba:v1

OpenID Connect Client Initiated Backchannel Authentication (CIBA)

client-policies:v1

Client configuration policies

device-flow:v1

OAuth 2.0 Device Authorization Grant

dpop:v1

OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer

hostname:v2

Hostname Options V2

impersonation:v1

Ability for admins to impersonate users

kerberos:v1

Kerberos

login:v2

New Login Theme

opentelemetry:v1

OpenTelemetry Tracing

organization:v1

Organization support within realms

par:v1

OAuth 2.0 Pushed Authorization Requests (PAR)

passkeys:v1

Passkeys

persistent-user-sessions:v1

Persistent online user sessions across restarts and upgrades

recovery-codes:v1

Recovery codes

rolling-updates:v1

Rolling Updates

step-up-authentication:v1

Step-up Authentication

token-exchange-standard:v2

Standard Token Exchange version 2

update-email:v1

Update Email Action

user-event-metrics:v1

Collect metrics based on user events

web-authn:v1

W3C Web Authentication (WebAuthn)

14.3.1. Disabled by default
Copiar o link

The following list contains supported features that are disabled by default, and can be enabled if needed.

Expand
FeatureDescription

docker:v1

Docker Registry protocol

fips:v1

FIPS 140-2 mode

multi-site:v1

Multi-site support

14.4. Preview features
Copiar o link

Preview features are disabled by default and are not recommended for use in production. These features may change or be removed at a future release.

Expand
FeatureDescription

admin-fine-grained-authz:v1

Fine-Grained Admin Permissions

client-auth-federated:v1

Authenticates client based on assertions issued by identity provider

client-secret-rotation:v1

Client Secret Rotation

log-mdc:v1

Mapped Diagnostic Context (MDC) information in logs

rolling-updates:v2

Rolling Updates for patch releases

scripts:v1

Write custom authenticators using JavaScript

spiffe:v1

SPIFFE trust relationship provider

token-exchange:v1

Token Exchange Service

14.5. Deprecated features
Copiar o link

The following list contains deprecated features that will be removed in a future release. These features are disabled by default.

Expand
FeatureDescription

instagram-broker:v1

Instagram Identity Broker

login:v1

Legacy Login Theme

logout-all-sessions:v1

Logout all sessions logs out only regular sessions

passkeys-conditional-ui-authenticator:v1

Passkeys conditional UI authenticator

14.6. Relevant options
Copiar o link

Expand
 Value

features 🛠

Enables a set of one or more features.

CLI: --features
Env: KC_FEATURES

account-api[:v1], account[:v3], admin-api[:v1], admin-fine-grained-authz[:v1,v2], admin[:v2], authorization[:v1], ciba[:v1], client-auth-federated[:v1], client-policies[:v1], client-secret-rotation[:v1], client-types[:v1], clusterless[:v1], db-tidb[:v1], declarative-ui[:v1], device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v2], impersonation[:v1], instagram-broker[:v1], ipa-tuura-federation[:v1], kerberos[:v1], kubernetes-service-accounts[:v1], log-mdc[:v1], login[:v2,v1], logout-all-sessions[:v1], multi-site[:v1], oid4vc-vci[:v1], opentelemetry[:v1], organization[:v1], par[:v1], passkeys-conditional-ui-authenticator[:v1], passkeys[:v1], persistent-user-sessions[:v1], preview, quick-theme[:v1], recovery-codes[:v1], rolling-updates[:v1,v2], scripts[:v1], spiffe[:v1], step-up-authentication[:v1], token-exchange-external-internal[:v2], token-exchange-standard[:v2], token-exchange[:v1], transient-users[:v1], update-email[:v1], user-event-metrics[:v1], web-authn[:v1], workflows[:v1]

features-disabled 🛠

Disables a set of one or more features.

CLI: --features-disabled
Env: KC_FEATURES_DISABLED

account, account-api, admin, admin-api, admin-fine-grained-authz, authorization, ciba, client-auth-federated, client-policies, client-secret-rotation, client-types, clusterless, db-tidb, declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips, impersonation, instagram-broker, ipa-tuura-federation, kerberos, kubernetes-service-accounts, log-mdc, login, logout-all-sessions, multi-site, oid4vc-vci, opentelemetry, organization, par, passkeys, passkeys-conditional-ui-authenticator, persistent-user-sessions, preview, quick-theme, recovery-codes, rolling-updates, scripts, spiffe, step-up-authentication, token-exchange, token-exchange-external-internal, token-exchange-standard, transient-users, update-email, user-event-metrics, web-authn, workflows

Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat