redis
diff --git a/‎content/operate/oss_and_stack/stack-with-enterprise/install/_index.md‎
Lines changed: 1 addition & 1 deletion b/‎content/operate/oss_and_stack/stack-with-enterprise/install/_index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/operate/oss_and_stack/stack-with-enterprise/install/add-module-to-cluster.md‎
Lines changed: 246 additions & 1 deletion b/‎content/operate/oss_and_stack/stack-with-enterprise/install/add-module-to-cluster.md‎
Lines changed: 246 additions & 1 deletion
diff --git a/‎content/operate/rs/references/rest-api/objects/bootstrap/_index.md‎
Lines changed: 2 additions & 0 deletions b/‎content/operate/rs/references/rest-api/objects/bootstrap/_index.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎content/operate/rs/references/rest-api/objects/bootstrap/user_defined_module.md‎
Lines changed: 40 additions & 0 deletions b/‎content/operate/rs/references/rest-api/objects/bootstrap/user_defined_module.md‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎content/operate/rs/references/rest-api/objects/certificates.md‎
Lines changed: 1 addition & 1 deletion b/‎content/operate/rs/references/rest-api/objects/certificates.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/operate/rs/references/rest-api/objects/crdb/database_config.md‎
Lines changed: 2 additions & 0 deletions b/‎content/operate/rs/references/rest-api/objects/crdb/database_config.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎content/operate/rs/references/rest-api/objects/sso.md‎
Lines changed: 28 additions & 0 deletions b/‎content/operate/rs/references/rest-api/objects/sso.md‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎content/operate/rs/references/rest-api/objects/user.md‎
Lines changed: 1 addition & 1 deletion b/‎content/operate/rs/references/rest-api/objects/user.md‎
Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ linkTitle: Install and upgrade modules
 weight: 4
 ---
 
-Several modules that provide additional Redis capabilities, such as search and query, JSON, time series, and probabilistic data structures, come packaged with [Redis Enterprise Software]({{< relref "/operate/rs" >}}). As of version 8.0, Redis Enterprise Software includes four feature sets, compatible with different Redis database versions.
+Several modules that provide additional Redis capabilities, such as search and query, JSON, time series, and probabilistic data structures, come packaged with [Redis Enterprise Software]({{< relref "/operate/rs" >}}). As of version 8.0, Redis Enterprise Software includes multiple feature sets, compatible with different Redis database versions.
 
 However, if you want to use additional modules or upgrade a module to a more recent version, you need to:
 
 
@@ -10,14 +10,28 @@ linkTitle: Install on a cluster
 weight: 10
 ---
 
-[Redis Enterprise Software]({{< relref "/operate/rs" >}}) comes packaged with several modules that provide additional Redis capabilities such as [search and query]({{<relref "/operate/oss_and_stack/stack-with-enterprise/search">}}), [JSON]({{<relref "/operate/oss_and_stack/stack-with-enterprise/json">}}), [time series]({{<relref "/operate/oss_and_stack/stack-with-enterprise/timeseries">}}), and [probabilistic data structures]({{<relref "/operate/oss_and_stack/stack-with-enterprise/bloom">}}). As of version 8.0, Redis Enterprise Software includes four feature sets, compatible with different Redis database versions. You can view the installed modules, their versions, and their minimum compatible Redis database versions from **Cluster > Modules** in the Cluster Manager UI.
+[Redis Enterprise Software]({{< relref "/operate/rs" >}}) comes packaged with several modules that provide additional Redis capabilities such as [search and query]({{<relref "/operate/oss_and_stack/stack-with-enterprise/search">}}), [JSON]({{<relref "/operate/oss_and_stack/stack-with-enterprise/json">}}), [time series]({{<relref "/operate/oss_and_stack/stack-with-enterprise/timeseries">}}), and [probabilistic data structures]({{<relref "/operate/oss_and_stack/stack-with-enterprise/bloom">}}). As of version 8.0, Redis Enterprise Software includes multiple feature sets, compatible with different Redis database versions. You can view the installed modules, their versions, and their minimum compatible Redis database versions from **Cluster > Modules** in the Cluster Manager UI.
 
 To use other modules or upgrade an existing module to a more recent version, you need to install the new module package on your cluster.
 
 {{<warning>}}
 Some module versions are not supported or recommended for use with Redis Enterprise Software.
 {{</warning>}}
 
+## Module package requirements
+
+The module must be packaged as a `.zip` file containing:
+
+- **module.json**: A metadata file with module information including:
+  - `module_name`: The actual module name
+  - `version`: Numeric version
+  - `semantic_version`: Semantic version string (for example, "1.0.0")
+  - `min_redis_version`: Minimum compatible Redis version
+  - `commands`: List of commands the module provides
+  - `capabilities`: List of module capabilities
+
+- **Module binary**: The compiled `.so` file for the target platform
+
 ## Get packaged modules
 
 To install or upgrade a module on a [Redis Enterprise Software]({{< relref "/operate/rs" >}}) cluster, you need a module package.
@@ -26,6 +40,237 @@ To install or upgrade a module on a [Redis Enterprise Software]({{< relref "/ope
 
 - For custom-packaged modules, download a [custom-packaged module](https://redislabs.com/community/redis-modules-hub/) from the developer.
 
+- User-defined modules are downloaded automatically if you [add them during bootstrapping](#bootstrap-user-defined-module).
+
+## Add user-defined modules during bootstrapping (Redis Software v8.0.6 and later) {#bootstrap-user-defined-module}
+
+As of Redis Enterprise Software version 8.0.6, you can include `user_defined_modules` in REST API requests to [initiate boostrap operations]({{<relref "/operate/rs/references/rest-api/requests/bootstrap#post-bootstrap">}}) such as `create_cluster`, `join_cluster`, or `recover_cluster`. Each node in the cluster independently downloads and installs the specified modules during its bootstrap process.
+
+`user_defined_modules` has the following JSON schema:
+
+```json
+{
+  "user_defined_modules": [
+    {
+      "name": "string (required)",
+      "location": {
+        "location_type": "http | https (required)",
+        "url": "string (required)",
+        "credentials": {
+          "username": "string (optional)",
+          "password": "string (optional)"
+        }
+      }
+    }
+  ]
+}
+```
+
+### Best practices
+
+- Use `https` instead of `http` for secure module downloads.
+
+- Include version numbers in module URLs.
+
+- Use the same `user_defined_modules` configuration for all nodes in a cluster.
+
+- If using authenticated downloads, ensure credentials are properly secured.
+
+- Ensure modules are compatible with the Redis database version running on your cluster.
+
+- Verify modules work correctly before deploying to production environments.
+
+### Example requests
+
+{{< multitabs id="bootstrap-modules" 
+        tab1="Create cluster"
+        tab2="Join cluster"
+        tab3="Recover cluster" >}}
+
+The following example creates a cluster with multiple modules:
+
+
+```sh
+POST /v1/bootstrap/create_cluster
+{
+  "action": "create_cluster",
+  "credentials": {
+    "username": "admin@example.com",
+    "password": "your-secure-password"
+  },
+  "cluster": {
+    "name": "my-cluster.example.com"
+  },
+  "user_defined_modules": [
+    {
+      "name": "ModuleA",
+      "location": {
+        "location_type": "https",
+        "url": "https://private-repo.example.com/enterprise-module-2.0.0.zip",
+        "credentials": {
+          "username": "download-user",
+          "password": "download-password"
+        }
+      }
+    },
+    {
+      "name": "ModuleB",
+      "location": {
+        "location_type": "https",
+        "url": "https://modules.example.com/module-b-2.5.0.zip"
+      }
+    },
+    {
+      "name": "ModuleC",
+      "location": {
+        "location_type": "http",
+        "url": "http://internal-server.local/module-c-1.2.0.zip"
+      }
+    }
+  ]
+}
+```
+
+-tab-sep-
+
+The following example joins a node to a cluster with multiple modules:
+
+```sh
+POST /v1/bootstrap/join_cluster
+{
+  "action": "join_cluster",
+  "credentials": {
+    "username": "admin@example.com",
+    "password": "your-secure-password"
+  },
+  "cluster": {
+    "name": "my-cluster.example.com",
+    "nodes": ["192.168.1.10", "192.168.1.11"]
+  },
+  "user_defined_modules": [
+    {
+      "name": "ModuleA",
+      "location": {
+        "location_type": "https",
+        "url": "https://private-repo.example.com/enterprise-module-2.0.0.zip",
+        "credentials": {
+          "username": "download-user",
+          "password": "download-password"
+        }
+      }
+    },
+    {
+      "name": "ModuleB",
+      "location": {
+        "location_type": "https",
+        "url": "https://modules.example.com/module-b-2.5.0.zip"
+      }
+    },
+    {
+      "name": "ModuleC",
+      "location": {
+        "location_type": "http",
+        "url": "http://internal-server.local/module-c-1.2.0.zip"
+      }
+    }
+  ]
+}
+```
+
+-tab-sep-
+
+The following example recovers a cluster with multiple modules:
+
+```sh
+POST /v1/bootstrap/recover_cluster
+{
+  "action": "recover_cluster",
+  "recovery_filename": "/path/to/backup.rdb",
+  "credentials": {
+    "username": "admin@example.com",
+    "password": "your-secure-password"
+  },
+  "user_defined_modules": [
+    {
+      "name": "ModuleA",
+      "location": {
+        "location_type": "https",
+        "url": "https://private-repo.example.com/enterprise-module-2.0.0.zip",
+        "credentials": {
+          "username": "download-user",
+          "password": "download-password"
+        }
+      }
+    },
+    {
+      "name": "ModuleB",
+      "location": {
+        "location_type": "https",
+        "url": "https://modules.example.com/module-b-2.5.0.zip"
+      }
+    },
+    {
+      "name": "ModuleC",
+      "location": {
+        "location_type": "http",
+        "url": "http://internal-server.local/module-c-1.2.0.zip"
+      }
+    }
+  ]
+}
+```
+
+{{< /multitabs >}}
+
+### Troubleshooting
+
+#### Error handling
+
+Download failures do not fail the bootstrap process. If a module fails to download or install, a warning is logged and the bootstrap process continues with the remaining modules.
+
+Warnings are recorded in the bootstrap status with:
+- `warning_type`: `"module_download_failed"`
+- `message`: Error description
+- `details`: `{"module_name": "<name>"}`
+
+#### Module download failed
+
+Check the bootstrap logs for detailed error messages:
+
+```
+Failed to download and install custom module '<name>': <error details>
+```
+
+Common causes:
+- Invalid URL
+- Network connectivity issues
+- Authentication failures
+- Module package format issues
+
+#### Module compatibility errors
+
+After processing user-defined modules, the system validates that all custom modules are compatible with existing databases in the cluster. This validation:
+
+1. Checks which custom modules are used by existing databases.
+
+1. Verifies that compatible module versions are available on the node.
+
+1. Fails the bootstrap process if incompatible modules are detected.
+
+If the bootstrap process fails with an `incompatible_modules` error:
+
+1. Verify the module version is compatible with existing databases.
+
+1. Ensure the module binary exists and is accessible.
+
+#### Missing module.json
+
+If you see `"module.json missing"` errors:
+
+1. Verify the zip file contains a valid `module.json` at the root level.
+
+1. Verify the JSON is properly formatted.
+
 ## Add a user-defined module to a cluster (Redis Software v8.0.x and later) {#add-user-defined-module-to-cluster}
 
 To add a custom module to a cluster running Redis Enterprise Software version 8.0.x or later, use the following REST API requests:
 
@@ -39,5 +39,7 @@ A bootstrap configuration object.
 | recovery_filename | string | Name of backup file to recover from |
 | required_version | string | This node can only join the cluster if all nodes in the cluster have a version greater than the required_version (deprecated as of Redis Enterprise Software v7.8.6) |
 | retry_time | integer | Max waiting time between retries (in seconds) |
+| user_defined_modules | array of [user_defined_module]({{< relref "/operate/rs/references/rest-api/objects/bootstrap/user_defined_module" >}}) objects | List of custom modules to download and install during bootstrap. Each node downloads and installs the modules independently. |
+| witness_disk | object | An API object that represents the Witness Disk bootstrap configuration |
 
 
@@ -0,0 +1,40 @@
+---
+Title: user_defined_module object
+alwaysopen: false
+categories:
+- docs
+- operate
+- rs
+description: An object for user-defined module configuration during bootstrap
+hideListLinks: true
+linkTitle: user_defined_module
+weight: $weight
+---
+
+A user-defined module configuration object for bootstrap operations.
+
+| Name | Type/Value | Description |
+|------|------------|-------------|
+| name | string | Module name for presentation and logging purposes (required) |
+| location | object | Information on where to download the module from (required)<br />{{<code>}}{
+  "location_type": "http | https",
+  "url": "string",
+  "credentials": {
+    "username": "string",
+    "password": "string"
+  }
+}{{</code>}}<br />**location_type**: The type of location, either `http` or `https` (required)<br />**url**: The URL to download the module zip file from (required)<br />**credentials**: Optional credentials for downloads that require basic authentication |
+
+## Module package requirements
+
+The module must be packaged as a `.zip` file containing:
+
+- **module.json**: A metadata file with module information including:
+  - `module_name`: The actual module name
+  - `version`: Numeric version
+  - `semantic_version`: Semantic version string (for example, "1.0.0")
+  - `min_redis_version`: Minimum compatible Redis version
+  - `commands`: List of commands the module provides
+  - `capabilities`: List of module capabilities
+
+- **Module binary**: The compiled `.so` file for the target platform
@@ -14,6 +14,6 @@ An API object that represents a certificate used by a Redis Enterprise Software
 
 | Name | Type/Value | Description |
 |------|------------|-------------|
-| name | `cm`<br />`api`<br />`mtls_trusted_ca`<br />`proxy`<br />`metrics_exporter`<br />`syncer`<br />`ldap_client`<br />`ccs_internode_encryption`<br />`data_internode_encryption` | Certificate type.<br />See the [certificates table]({{< relref "/operate/rs/security/certificates" >}}) for the list of cluster certificates and their descriptions. |
+| name | "cm"<br />"api"<br />"mtls_trusted_ca"<br />"proxy"<br />"metrics_exporter"<br />"syncer"<br />"ldap_client"<br />"ccs_internode_encryption"<br />"data_internode_encryption"<br />"sso_service"<br />"sso_issuer" | Certificate type.<br />See the [certificates table]({{< relref "/operate/rs/security/certificates" >}}) for the list of cluster certificates and their descriptions. |
 | certificate | string | The certificate in PEM format |
 | key | string | The private key in PEM format |
@@ -19,6 +19,7 @@ An object that represents the database configuration.
 | <span class="break-all">authentication_redis_pass</span> | string | Redis AUTH password (deprecated as of Redis Enterprise v7.2, replaced with multiple passwords feature in version 6.0.X) |
 | bigstore | boolean (default: false) | Database driver is Auto Tiering |
 | bigstore_ram_size | integer (default: 0) | Memory size of RAM size |
+| cert | string | Optional PEM-encoded server certificate for the underlying database instance |
 | data_persistence | 'disabled'<br />'snapshot'<br />**'aof'** | Database on-disk persistence policy. For snapshot persistence, a [snapshot_policy]({{< relref "/operate/rs/references/rest-api/objects/bdb/snapshot_policy" >}}) must be provided |
 | <span class="break-all">enforce_client_authentication</span> | **'enabled'** <br />'disabled' | Require authentication of client certificates for SSL connections to the database. If enabled, a certificate should be provided in either <span class="break-all">`authentication_ssl_client_certs`</span> or <span class="break-all">`authentication_ssl_crdt_certs`</span> |
 | max_aof_file_size | integer | Maximum AOF file size in bytes |
@@ -29,6 +30,7 @@ An object that represents the database configuration.
 | <span class="break-all">oss_cluster_api_preferred_ip_type</span> | 'internal'<br />'external' | Indicates preferred IP type in OSS cluster API |
 | oss_sharding | boolean (default: false) | An alternative to `shard_key_regex` for using the common case of the OSS shard hashing policy |
 | port | integer | TCP port for database access |
+| private_key | string | Optional PEM-encoded private key matching the certificate for the underlying database instance |
 | proxy_policy | 'single'<br />'all-master-shards'<br />'all-nodes' | The policy used for proxy binding to the endpoint |
 | rack_aware | boolean (default: false) | Require the database to be always replicated across multiple racks |
 | replication | boolean (default: true) | Database replication |
 
@@ -0,0 +1,28 @@
+---
+Title: SSO object
+alwaysopen: false
+categories:
+- docs
+- operate
+- rs
+description: An object for single sign-on (SSO) configuration
+linkTitle: sso
+weight: $weight
+---
+
+An API object that represents single sign-on (SSO) configuration in the cluster.
+
+| Name | Type/Value | Description |
+|------|------------|-------------|
+| control_plane | boolean (default: false) | If `true`, enables single sign-on (SSO) for the control plane. |
+| enforce_control_plane | boolean (default: false) | If `true`, enforce SSO login for the control plane for non-admin users. If `false`, all users can still login using their local username and password if SSO is down. |
+| protocol | "saml2" | SSO protocol to use. |
+| issuer | complex object	 | Issuer related configuration.<br>Contains the following fields:<br>**id**: Unique ID of the issuer side (example: "urn:sso:example:idp")<br>**login_url**: SSO login URL (example: "https://idp.example.com/sso/saml")<br>**logout_url**: SSO logout URL (example: "https://idp.example.com/sso/slo")<br />**metadata**: Base64 encoded IdP metadata (read-only) |
+| service | complex object	 | Service related configuration.<br />For SAML2 service configuration:<br />{{<code>}}{
+  "address": "string",
+  "saml2": {
+    "entity_id": "string",
+    "acs_url": "string",
+    "slo_url": "string"
+  }
+}{{</code>}}<br>**address**: External service address used for SSO. By default, the cluster name with the Cluster Manager port is used.<br />**acs_url**: Assertion Consumer Service URL (read-only)<br>**slo_url**: Single Logout URL (read-only)<br>**entity_id**: Service entity ID (read-only) |
@@ -15,7 +15,7 @@ weight: $weight
 | uid | integer | User's unique ID |
 | account_id | integer | SM account ID |
 | action_uid | string | Action UID. If it exists, progress can be tracked by the <span class="break-all">`GET /actions/{uid}`</span> API request (read-only) |
-| auth_method | **'regular'**<br />'certificate'<br />'entraid' | User's authentication method |
+| auth_method | **'regular'**<br />'certificate'<br />'entraid'<br />'sso' | User's authentication method |
 | bdbs_email_alerts | complex object | UIDs of databases that user will receive alerts for |
 | <span class="break-all">certificate_subject_line</span> | string | The certificate’s subject line as defined by RFC2253. Used for certificate-based authentication users only. |
 | cluster_email_alerts | boolean | Activate cluster email alerts for a user |