bin/kc.[sh|bat] build --features="<name>[,<name>]"
Keycloak has packed some functionality in features, including some disabled features, such as Technology Preview and deprecated features. Other features are enabled by default, but you can disable them if they do not apply to your use of Keycloak.
Some supported features, and all preview features, are disabled by default. To enable a feature, enter this command:
bin/kc.[sh|bat] build --features="<name>[,<name>]"
For example, to enable docker
and token-exchange
, enter this command:
bin/kc.[sh|bat] build --features="docker,token-exchange"
To enable all preview features, enter this command:
bin/kc.[sh|bat] build --features="preview"
Enabled feature may be versioned, or unversioned. If you use a versioned feature name, e.g. feature:v1, that exact feature version will be enabled as long as it still exists in the runtime. If you instead use an unversioned name, e.g. just feature, the selection of the particular supported feature version may change from release to release according to the following precedence:
The highest default supported version
The highest non-default supported version
The highest deprecated version
The highest preview version
The highest experimental version
To disable a feature that is enabled by default, enter this command:
bin/kc.[sh|bat] build --features-disabled="<name>[,<name>]"
For example to disable impersonation
, enter this command:
bin/kc.[sh|bat] build --features-disabled="impersonation"
It is not allowed to have a feature in both the features-disabled
list and the features
list.
When a feature is disabled all versions of that feature are disabled.
The following list contains supported features that are enabled by default, and can be disabled if not needed.
Account Management REST API
Account Console version 3
Admin API
New Admin Console
Authorization Service
OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Client configuration policies
OAuth 2.0 Device Authorization Grant
Hostname Options V2
Ability for admins to impersonate users
Kerberos
New Login Theme
Organization support within realms
OAuth 2.0 Pushed Authorization Requests (PAR)
Persistent online user sessions across restarts and upgrades
Step-up Authentication
W3C Web Authentication (WebAuthn)
The following list contains supported features that are disabled by default, and can be enabled if needed.
Docker Registry protocol
FIPS 140-2 mode
Multi-site support
Preview features are disabled by default and are not recommended for use in production. These features may change or be removed at a future release.
Fine-Grained Admin Permissions
Client Secret Rotation
OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer
OpenTelemetry Tracing
Passkeys
Recovery codes
Write custom authenticators using JavaScript
Token Exchange Service
Update Email Action
Collect metrics based on user events
The following list contains deprecated features that will be removed in a future release. These features are disabled by default.
Legacy Login Theme
Value | |
---|---|
|
|
|
|