diff --git a/docs/documentation/server_admin/topics/authentication/password-policies.adoc b/docs/documentation/server_admin/topics/authentication/password-policies.adoc index 5e3589d0ae3..314d6b040b4 100644 --- a/docs/documentation/server_admin/topics/authentication/password-policies.adoc +++ b/docs/documentation/server_admin/topics/authentication/password-policies.adoc @@ -51,7 +51,7 @@ Supported password hashing algorithms are shown in the following table. It is highly recommended to use Argon2 when possible as it has significantly less CPU requirements compared to PBKDF2, while at the same time being more secure. -The default password hashing algorithm for the server can be configured with `--spi-password-hashing--provider-default=`. +The default password hashing algorithm for the server can be configured with `+--spi-password-hashing--provider-default=+`. To prevent excessive memory and CPU usage, the parallel computation of hashes by Argon2 is by default limited to the number of cores available to the JVM. To configure the Argon2 hashing provider, use its provider options. @@ -141,14 +141,14 @@ Password must not be in a blacklist file. * The value of the blacklist file must be the name of the blacklist file, for example, `100k_passwords.txt`. * Blacklist files resolve against `+${kc.home.dir}/data/password-blacklists/+` by default. Customize this path using: ** The `keycloak.password.blacklists.path` system property. -** The `blacklistsPath` property of the `passwordBlacklist` policy SPI configuration. To configure the blacklist folder using the CLI, use `--spi-password-policy--password-blacklist--blacklists-path=/path/to/blacklistsFolder`. +** The `blacklistsPath` property of the `passwordBlacklist` policy SPI configuration. To configure the blacklist folder using the CLI, use `+--spi-password-policy--password-blacklist--blacklists-path=/path/to/blacklistsFolder+`. .A note about False Positives The current implementation uses a BloomFilter for fast and memory efficient containment checks, such as whether a given password is contained in a blacklist, with the possibility for false positives. * By default a false positive probability of `0.01%` is used. -* To change the false positive probability by CLI configuration, use `--spi-password-policy--password-blacklist--false-positive-probability=0.00001`. +* To change the false positive probability by CLI configuration, use `+--spi-password-policy--password-blacklist--false-positive-probability=0.00001+`. [[maximum-authentication-age]] ===== Maximum Authentication Age diff --git a/docs/documentation/server_admin/topics/events/admin.adoc b/docs/documentation/server_admin/topics/events/admin.adoc index 0461946e3c7..e2295c6a354 100644 --- a/docs/documentation/server_admin/topics/events/admin.adoc +++ b/docs/documentation/server_admin/topics/events/admin.adoc @@ -1,4 +1,4 @@ - + === Auditing admin events You can record all actions that are performed by an administrator in the Admin Console. The Admin Console performs administrative actions by invoking the {project_name} REST interface and {project_name} audits these REST invocations. You can view the resulting events in the Admin Console. @@ -35,9 +35,9 @@ You can now view admin events. .Admin events image:images/admin-events.png[Admin events] -When the `Include Representation` switch is ON, it can lead to storing a lot of information in the database. You can set a maximum length of the representation by using the `--spi-events-store--jpa--max-field-length` argument. This setting is useful if you want to adhere to the underlying storage limitation. For example: +When the `Include Representation` switch is ON, it can lead to storing a lot of information in the database. You can set a maximum length of the representation by using the `+--spi-events-store--jpa--max-field-length+` argument. This setting is useful if you want to adhere to the underlying storage limitation. For example: [source,bash] ---- kc.[sh|bat] --spi-events-store--jpa--max-field-length=2500 ----- \ No newline at end of file +---- diff --git a/docs/documentation/server_admin/topics/events/login.adoc b/docs/documentation/server_admin/topics/events/login.adoc index 0d6762ed59b..7b40a02a04c 100644 --- a/docs/documentation/server_admin/topics/events/login.adoc +++ b/docs/documentation/server_admin/topics/events/login.adoc @@ -226,7 +226,7 @@ To enable the Email Listener: .Event listeners image:images/event-listeners.png[Event listeners] -You can exclude events by using the `--spi-events-listener--email--exclude-events` argument. For example: +You can exclude events by using the `+--spi-events-listener--email--exclude-events+` argument. For example: [source,bash] ---- diff --git a/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc b/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc index 7a5867a51be..bee710386a2 100644 --- a/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc +++ b/docs/documentation/server_admin/topics/roles-groups/proc-managing-groups.adoc @@ -14,14 +14,14 @@ If you have a parent group and a child group, and a user that belongs only to th The hierarchy of a group is sometimes represented using the group path. The path is the complete list of names that represents the hierarchy of a specific group, from top to bottom and separated by slashes `/` (similar to files in a File System). For example a path can be `/top/level1/level2` which means that `top` is a top level group and is parent of `level1`, which in turn is parent of `level2`. This path represents unambiguously the hierarchy for the group `level2`. -Because of historical reasons {project_name}, does not escape slashes in the group name itself. Therefore a group named `level1/group` under `top` uses the path `/top/level1/group`, which is misleading. {project_name} can be started with the option `--spi-group--jpa--escape-slashes-in-group-path` to `true` and then the slashes in the name are escaped with the character `~`. The escape char marks that the slash is part of the name and has no hierarchical meaning. The previous path example would be `/top/level1~/group` when escaped. +Because of historical reasons {project_name}, does not escape slashes in the group name itself. Therefore a group named `level1/group` under `top` uses the path `/top/level1/group`, which is misleading. {project_name} can be started with the option `+--spi-group--jpa--escape-slashes-in-group-path+` to `true` and then the slashes in the name are escaped with the character `~`. The escape char marks that the slash is part of the name and has no hierarchical meaning. The previous path example would be `/top/level1~/group` when escaped. [source,bash] ---- bin/kc.[sh|bat] start --spi-group--jpa--escape-slashes-in-group-path=true ---- -The following example includes a top-level *Sales* group and a child *North America* subgroup. +The following example includes a top-level *Sales* group and a child *North America* subgroup. To add a group: diff --git a/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc b/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc index e6c7de36b32..442acc455f6 100644 --- a/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc +++ b/docs/documentation/server_admin/topics/threat/read-only-attributes.adoc @@ -29,7 +29,7 @@ This is the list of the read-only attributes, which are used internally by the { System administrators have a way to add additional attributes to this list. The configuration is currently available at the server level. -You can add this configuration by using the `spi-user-profile--declarative-user-profile--read-only-attributes` and `spi-user-profile--declarative-user-profile--admin-read-only-attributes` options. For example: +You can add this configuration by using the `+spi-user-profile--declarative-user-profile--read-only-attributes+` and `+spi-user-profile--declarative-user-profile--admin-read-only-attributes+` options. For example: [source,bash,options="nowrap"] ---- diff --git a/docs/documentation/server_development/topics/themes.adoc b/docs/documentation/server_development/topics/themes.adoc index d52feea014b..7a39df3a97d 100644 --- a/docs/documentation/server_development/topics/themes.adoc +++ b/docs/documentation/server_development/topics/themes.adoc @@ -32,7 +32,7 @@ NOTE: To set the theme for the `master` Admin Console you need to set the Admin + . To see the changes to the Admin Console refresh the page. -. Change the welcome theme by using the `spi-theme--welcome-theme` option. +. Change the welcome theme by using the welcome-theme` option. . For example: + diff --git a/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc b/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc index 8fe4666ed4b..42d0fafe64f 100644 --- a/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-26_3_0.adoc @@ -129,7 +129,7 @@ To resolve this ambiguity, and any potential ambiguity involving SPI and provide An SPI property ending in `-enabled`, `-provider-default`, or `-provider` should use the new format or else a warning will be emitted. For example `spi-----enabled` will be recognized as a build-time option without a warning. -For instance, the correct way to reference your custom email template is: `--spi-email-template--mycustomprovider--enabled` (not `--spi-email-template-mycustomprovider-enabled`). +For instance, the correct way to reference your custom email template is: `+--spi-email-template--mycustomprovider--enabled+` (not `+--spi-email-template-mycustomprovider-enabled+`). Options using the legacy format and ending in `-enabled`, `-provider-default`, or `-provider` will still be treated as a build-time option, but may not be in future releases. diff --git a/docs/guides/observability/metrics-for-troubleshooting-keycloak.adoc b/docs/guides/observability/metrics-for-troubleshooting-keycloak.adoc index 2fd4b7416af..1ac49f974ac 100644 --- a/docs/guides/observability/metrics-for-troubleshooting-keycloak.adoc +++ b/docs/guides/observability/metrics-for-troubleshooting-keycloak.adoc @@ -73,7 +73,7 @@ Possible values: -- ==== -To configure what tags are available provide a comma-separated list of tag names to the following option `spi-credential--keycloak-password--validations-counter-tags`. +To configure what tags are available provide a comma-separated list of tag names to the following option `+spi-credential--keycloak-password--validations-counter-tags+`. By default, all tags are enabled. The snippet below is an example of a response provided by the metric endpoint: diff --git a/docs/guides/server/caching.adoc b/docs/guides/server/caching.adoc index 10028c091d4..bc2c1dfd727 100644 --- a/docs/guides/server/caching.adoc +++ b/docs/guides/server/caching.adoc @@ -143,7 +143,7 @@ When using volatile user sessions, the cache is the source of truth for user and [WARNING] ==== It is not recommended to use volatile user sessions when using offline sessions extensively due to potentially high memory usage. -For volatile sessions, the time offline sessions are cached in memory can be limited with the SPI options `spi-user-sessions--infinispan--offline-client-session-cache-entry-lifespan-override` and `spi-user-sessions--infinispan--offline-session-cache-entry-lifespan-override`. +For volatile sessions, the time offline sessions are cached in memory can be limited with the SPI options `+spi-user-sessions--infinispan--offline-client-session-cache-entry-lifespan-override+` and `+spi-user-sessions--infinispan--offline-session-cache-entry-lifespan-override+`. ==== Follow these steps to enable this setup: diff --git a/docs/guides/ui-customization/themes.adoc b/docs/guides/ui-customization/themes.adoc index a7cf860db92..98a57951a71 100644 --- a/docs/guides/ui-customization/themes.adoc +++ b/docs/guides/ui-customization/themes.adoc @@ -36,7 +36,7 @@ NOTE: To set the theme for the `master` Admin Console you need to set the Admin + . To see the changes to the Admin Console refresh the page. -. Change the welcome theme by using the `spi-theme--welcome-theme` option. +. Change the welcome theme by using the `+spi-theme--welcome-theme+` option. . For example: + diff --git a/docs/guides/ui-customization/welcome-theme.adoc b/docs/guides/ui-customization/welcome-theme.adoc index 473fddfe6c2..78970bed048 100644 --- a/docs/guides/ui-customization/welcome-theme.adoc +++ b/docs/guides/ui-customization/welcome-theme.adoc @@ -12,9 +12,9 @@ By default, the welcome theme is only used to create the initial temporary admin Since the welcome theme is not associated with a realm, it cannot be selected in the admin console like other themes. -To change the welcome theme, create and deploy a new welcome theme as described in <<_creating-a-theme,Creating a theme>>. Then, start the {project_name} server using the `spi-theme--welcome-theme` option. +To change the welcome theme, create and deploy a new welcome theme as described in <<_creating-a-theme,Creating a theme>>. Then, start the {project_name} server using the `+spi-theme--welcome-theme+` option. [source,bash] ---- bin/kc.[sh|bat] start --spi-theme--welcome-theme=custom-theme ---- - \ No newline at end of file +