Chapter 5. Profiles

Red Hat Single Sign-On has two profiles, product and preview. The product profile is enabled by default, which disables some tech preview features. To enable the features you can either switch to the preview profile or enable individual features.

To enable the preview profile start the server with:

bin/standalone.sh|bat -Dkeycloak.profile=preview

You can set this permanently by creating the file standalone/configuration/profile.properties (or domain/servers/server-one/configuration/profile.properties for server-one in domain mode). Add the following to the file:

profile=preview

The features that can be enabled and disabled are:

NameDescriptionEnabled by default

authorization

Authorization Services

No

docker

Docker Registry protocol

No

impersonation

Ability for admins to impersonate users

Yes

script

Write custom authenticators using JavaScript

No

To enable a specific feature start the server with:

bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled

For example to enable Docker use -Dkeycloak.profile.feature.docker=enabled.

To disable a specific feature start the server with:

bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled

For example to disable Impersonation use -Dkeycloak.profile.feature.impersonation=disabled.

You can set this permanently in the profile.properties file by adding:

feature.impersonation=disabled

To enable a specific feature without enabling the full preview profile you can start the server with:

bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled`

For example to enable Authorization Services use -Dkeycloak.profile.feature.authorization=enabled.

You can set this permanently in the profile.properties file by adding:

feature.authorization=enabled