task: remove hostname v1 (keycloak#32352)
closes: keycloak#27731

Signed-off-by: Steve Hawkins <[email protected]>
shawkins authored Aug 28, 2024
1 parent d9ed0a3 commit 29eb017
Showing 23 changed files with 23 additions and 1,269 deletions.
1 change: 0 additions & 1 deletion common/src/main/java/org/keycloak/common/Profile.java
Expand Up @@ -108,7 +108,6 @@ public enum Feature {

CLIENT_TYPES("Client Types", Type.EXPERIMENTAL),

HOSTNAME_V1("Hostname Options V1", Type.DEPRECATED, 1),
HOSTNAME_V2("Hostname Options V2", Type.DEFAULT, 2),

PERSISTENT_USER_SESSIONS("Persistent online user sessions across restarts and upgrades", Type.DEFAULT),
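
Review bot: removing `HOSTNAME_V1` from the `Feature` enum leaves `HOSTNAME_V2` as the only version, yet nothing visible here covers what a deployment that still names the v1 feature in its configuration sees at startup. Since the release note added in this commit tells users they must migrate, confirm (ideally with a test) that a leftover reference to the removed version fails with a clear error instead of being silently ignored. The explicit version argument `2` on `HOSTNAME_V2` is also worth a short comment now that there is no version 1 next to it.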
2 changes: 1 addition & 1 deletion common/src/test/java/org/keycloak/common/ProfileTest.java
Expand Up @@ -31,7 +31,7 @@ public class ProfileTest {
private static final Profile.Feature DISABLED_BY_DEFAULT_FEATURE = Profile.Feature.DOCKER;
private static final Profile.Feature PREVIEW_FEATURE = Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ;
private static final Profile.Feature EXPERIMENTAL_FEATURE = Profile.Feature.DYNAMIC_SCOPES;
private static Profile.Feature DEPRECATED_FEATURE = Profile.Feature.HOSTNAME_V1;
private static Profile.Feature DEPRECATED_FEATURE = Profile.Feature.LOGIN1;

@Rule
public TemporaryFolder temporaryFolder = new TemporaryFolder();
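
Review bot: the changed `DEPRECATED_FEATURE` line stays `private static` without `final`, while the three constants above it are `private static final`; since the line is touched anyway, make it `final` unless a test reassigns it. Pointing the fixture at `Profile.Feature.LOGIN1` also ties the test to another deprecated feature that will need this same edit when it is removed in turn, so add a comment that any deprecated feature works here.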
8 changes: 8 additions & 0 deletions docs/documentation/release_notes/topics/26_0_0.adoc
Expand Up @@ -130,6 +130,14 @@ not recommended at all in production deployments of Keycloak, it is fairly frequ
of `localhost`. As an alternative to the `_LEGACY` cookies Keycloak now doesn't set the `secure` flag and sets `SameSite=Lax`
instead of `SameSite=None` when it detects an insecure context is used.

= Hostname v1 feature removed

The deprecated hostname v1 feature was removed. This feature was deprecated in {project_name} 25 and replaced by hostname v2. If you are still using this feature, you must migrate to hostname v2. For more details, see the https://www.keycloak.org/server/hostname[Configuring the hostname (v2)] and https://www.keycloak.org/docs/latest/upgrading/#new-hostname-options[the initial migration guide].

= Proxy option removed

The deprecated `proxy` option was removed. This option was deprecated in {project_name} 24 and replaced by the `proxy-headers` option in combination with hostname options as needed. For more details, see https://www.keycloak.org/server/reverseproxy[using a reverse proxy] and https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[the initial migration guide].

= Property `origin` in the `UserRepresentation` is deprecated

The `origin` property in the `UserRepresentation` is deprecated and planned to be removed in future releases.
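
Review bot: in the added "Hostname v1 feature removed" paragraph, "see the https://www.keycloak.org/server/hostname[Configuring the hostname (v2)]" renders as "see the Configuring the hostname (v2)"; drop "the" or append "guide" after the link. The commit title names only hostname v1, but this hunk also adds a "Proxy option removed" note, so the commit message should mention the `proxy` option as well.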
Expand Up @@ -183,3 +183,11 @@ Additionally, the following resources have been removed from the `common` theme:
- `node_modules/jquery`

If you previously used any of the removed resources in your theme, make sure to add them to your own theme resources instead.

= Hostname v1 feature removed

The deprecated hostname v1 feature was removed. This feature was deprecated in {project_name} 25 and replaced by hostname v2. If you are still using this feature, you must migrate to hostname v2. For more details, see the https://www.keycloak.org/server/hostname[Configuring the hostname (v2)] and https://www.keycloak.org/docs/latest/upgrading/#new-hostname-options[the initial migration guide].

= Proxy option removed

The deprecated `proxy` option was removed. This option was deprecated in {project_name} 24 and replaced by the `proxy-headers` option in combination with hostname options as needed. For more details, see https://www.keycloak.org/server/reverseproxy[using a reverse proxy] and https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[the initial upgrading guide].
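
Review bot: the two added paragraphs label the same kind of link differently, "the initial migration guide" for `#new-hostname-options` and "the initial upgrading guide" for `#deprecated-proxy-option`, and the copy of this text in `26_0_0.adoc` uses "migration guide" for both; pick one label. Both links also point at `docs/latest/upgrading`, so they will follow whatever release is current and the anchors may not survive; a version-pinned or relative reference would be more stable.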
158 changes: 0 additions & 158 deletions docs/guides/server/hostname-deprecated.adoc

This file was deleted.

25 changes: 0 additions & 25 deletions docs/guides/server/reverseproxy.adoc
Expand Up @@ -31,31 +31,6 @@ NOTE: When using the `xforwarded` setting, the `X-Forwarded-Port` takes preceden

NOTE: If the TLS connection is terminated at the reverse proxy (edge termination), enabling HTTP through the ‘http-enabled’ setting is required.

== Proxy modes (deprecated)
NOTE: The support for setting proxy modes is deprecated and will be removed in a future {project_name} release. Consider configuring accepted reverse proxy headers instead as described in the chapter above. For migration instructions consult the https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option[Upgrading Guide].

For {project_name}, your choice of proxy modes depends on the TLS termination in your environment. The following proxy modes are available:

edge:: Enables communication through HTTP between the proxy and {project_name}.
This mode is suitable for deployments with a highly secure internal network where the reverse proxy keeps a secure connection (HTTP over TLS) with clients while communicating with {project_name} using HTTP.

reencrypt:: Requires communication through HTTPS between the proxy and {project_name}.
This mode is suitable for deployments where internal communication between the reverse proxy and {project_name} should also be protected.
Different keys and certificates are used on the reverse proxy as well as on {project_name}.

passthrough:: The proxy forwards the HTTPS connection to {project_name} without terminating TLS.
The secure connections between the server and clients are based on the keys and certificates used by the {project_name} server.

When in **edge** or **reencrypt** proxy mode, {project_name} will parse the following headers and expects the reverse proxy to set them:

* `Forwarded` as per https://www.rfc-editor.org/rfc/rfc7239.html[RFC7239]
* Non-standard `X-Forwarded-*`, such as `X-Forwarded-For`, `X-Forwarded-Proto`, `X-Forwarded-Host`, and `X-Forwarded-Port`

=== Configure the proxy mode in {project_name}
To select the proxy mode, enter this command:

<@kc.start parameters="--proxy <mode>"/>

== Different context-path on reverse proxy

{project_name} assumes it is exposed through the reverse proxy under the same context path as {project_name} is configured for. By default {project_name} is exposed through the root (`/`), which means it expects to be exposed through the reverse proxy on `/` as well.
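
Review bot: the NOTE kept just above the deleted section still says "(edge termination)", a term whose only explanation in this hunk was the removed `edge` entry, and it quotes ‘http-enabled’ with typographic quotes instead of backticks. Reword the NOTE so it stands on its own. The deleted lines were also where this hunk described re-encrypting traffic between proxy and server and stated that `Forwarded` and `X-Forwarded-*` are parsed on the expectation that the reverse proxy sets them; check that the remaining chapter still says both.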

This file was deleted.
