Menu Close
Settings Close

Language and Page Formatting Options

Chapter 5. Profiles

There are features in Red Hat Single Sign-On that are not enabled by default, these include features that are not fully supported. In addition there are some features that are enabled by default, but that can be disabled.

The features that can be enabled and disabled are:

NameDescriptionEnabled by defaultSupport level

account2

New Account Management Console

Yes

Supported

account_api

Account Management REST API

Yes

Supported

admin_fine_grained_authz

Fine-Grained Admin Permissions

No

Preview

ciba

OpenID Connect Client Initiated Backchannel Authentication (CIBA)

Yes

Supported

client_policies

Add client configuration policies

Yes

Supported

client_secret_rotation

Enables client secret rotation for confidential clients

Yes

Preview

par

OAuth 2.0 Pushed Authorization Requests (PAR)

Yes

Supported

declarative_user_profile

Configure user profiles using a declarative style

No

Preview

docker

Docker Registry protocol

No

Supported

impersonation

Ability for admins to impersonate users

Yes

Supported

openshift_integration

Extension to enable securing OpenShift

No

Preview

recovery_codes

Recovery codes for authentication

No

Preview

scripts

Write custom authenticators using JavaScript

No

Preview

step_up_authentication

Step-up authentication

Yes

Supported

token_exchange

Token Exchange Service

No

Preview

upload_scripts

Upload scripts

No

Deprecated

web_authn

W3C Web Authentication (WebAuthn)

Yes

Supported

update_email

Update Email Workflow

No

Preview

To enable all preview features start the server with:

bin/standalone.sh|bat -Dkeycloak.profile=preview

You can set this permanently by creating the file standalone/configuration/profile.properties (or domain/servers/server-one/configuration/profile.properties for server-one in domain mode). Add the following to the file:

profile=preview

To enable a specific feature start the server with:

bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled

For example to enable Docker use -Dkeycloak.profile.feature.docker=enabled.

You can set this permanently in the profile.properties file by adding:

feature.docker=enabled

To disable a specific feature start the server with:

bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled

For example to disable Impersonation use -Dkeycloak.profile.feature.impersonation=disabled.

You can set this permanently in the profile.properties file by adding:

feature.impersonation=disabled