Chapter 5. Profiles
There are features in Red Hat Single Sign-On that are not enabled by default, these include features that are not fully supported. In addition there are some features that are enabled by default, but that can be disabled.
The features that can be enabled and disabled are:
| Name | Description | Enabled by default | Support level |
|---|---|---|---|
| account2 | New Account Management Console | Yes | Supported |
| account_api | Account Management REST API | Yes | Supported |
| admin_fine_grained_authz | Fine-Grained Admin Permissions | No | Preview |
| ciba | OpenID Connect Client Initiated Backchannel Authentication (CIBA) | Yes | Supported |
| client_policies | Add client configuration policies | Yes | Supported |
| client_secret_rotation | Enables client secret rotation for confidential clients | Yes | Preview |
| par | OAuth 2.0 Pushed Authorization Requests (PAR) | Yes | Supported |
| declarative_user_profile | Configure user profiles using a declarative style | No | Preview |
| docker | Docker Registry protocol | No | Supported |
| impersonation | Ability for admins to impersonate users | Yes | Supported |
| openshift_integration | Extension to enable securing OpenShift | No | Preview |
| recovery_codes | Recovery codes for authentication | No | Preview |
| scripts | Write custom authenticators using JavaScript | No | Preview |
| step_up_authentication | Step-up authentication | Yes | Supported |
| token_exchange | Token Exchange Service | No | Preview |
| upload_scripts | Upload scripts | No | Deprecated |
| web_authn | W3C Web Authentication (WebAuthn) | Yes | Supported |
| update_email | Update Email Workflow | No | Preview |
To enable all preview features start the server with:
bin/standalone.sh|bat -Dkeycloak.profile=preview
You can set this permanently by creating the file standalone/configuration/profile.properties (or domain/servers/server-one/configuration/profile.properties for server-one in domain mode). Add the following to the file:
profile=preview
To enable a specific feature start the server with:
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=enabled
For example to enable Docker use -Dkeycloak.profile.feature.docker=enabled.
You can set this permanently in the profile.properties file by adding:
feature.docker=enabled
To disable a specific feature start the server with:
bin/standalone.sh|bat -Dkeycloak.profile.feature.<feature name>=disabled
For example to disable Impersonation use -Dkeycloak.profile.feature.impersonation=disabled.
You can set this permanently in the profile.properties file by adding:
feature.impersonation=disabled
