Identity Config 0.5.1

These notes preserve manual upgrade steps from older UDS Identity Config versions. Use them when supporting an older UDS Core deployment that may have skipped a historical Keycloak realm change.

Note

These notes are not the source of truth for current supported releases. For current upgrade procedures, start with the Upgrade Overview, then review Release Notes and Upgrade Keycloak realm configuration.

User managed attributes

UDS Identity Config v0.5.1 used Keycloak User Managed Attributes, which require Keycloak 24 or later.

To update user managed attributes manually:

1. In Realm settings > General, turn User-managed access off.
2. Set Unmanaged attributes to Only administrators can write.
3. Go to User profile.
4. Select the JSON editor tab.
5. Copy the user attribute definition from the v0.5.1 realm.json.
6. Click Save.

STIG password and session rules

This version also incorporated STIG password and session rules based on the Elasticsearch 8.0 hardening guides:

• Passwords expire after 60 days.
• Password complexity requires 2 special characters, 1 digit, 1 lowercase character, 1 uppercase character, and 15 characters minimum.
• IDP session idle timeout is 10 minutes.
• Maximum login attempts is 3.

Related documentation

• Legacy upgrade notes - preserved manual steps for older Identity Config versions
• Upgrade Keycloak realm configuration - current guidance for manual Keycloak realm changes