Keycloak Beta 3 Released

Mostly a bunch of bug fixes that we needed to push out for users.  We’re still pretty focused on performance and hope that Beta 4 will allow Keycloak to run in a cluster with some caching capabilities.  See for links on downloading, docs, and jira release notes.

Posted in Uncategorized

Keycloak Beta 1 Released!

Keycloak Beta-1 has been released!  We’re edging closer to 1.0! Please visit the Keycloak website for links to documentation and downloads.  A lot of hard work the last few months by Stian, Marek, myself and other contributors to bring you loads of new features and improvements:

  • LDAP/Active Directory integration built on Picketlink.  Thanks Marek!
  • User Session management – can now view login IP address and which applications and oauth clients have open tokens.  Works with any type of app too.  Can view and manage sessions through user account pages or admin console
  • Audit log for important events.  Integration with admin console and ability to receive emails on certain events.
  • Account log viewable in user account management pages
  • Export database.  Allows you to export a full dump of keycloak database into an encrypted file.  Will help out tremendously to migrate between Keycloak versions.
  • Authentication SPI.  Allows you to plug in different mechanisms to retrieve and authenticate users.
  • Theme support for the admin console and any sent email.
  • Per-realm admin console.  You can now designate a user within a realm that is an admin of that realm.
  • Documented the Admin REST API finally.  (Docs still kinda suck here)
  • CORS support for Admin REST API
  • Improvements in Javascript adapter.  Including OpenID Connect session iframe style for single-sign out and support for Cordova.
  • Support for relative URLs when configuring admin console
  • Server configuration file
  • Social Only Logins
  • Installed application adapter
  • Expanded the number of example projects

What’s next? This is the last major feature release of Keycloak.  We will now be focusing on performance, clustering, security audits, testing, documentation, and usability for the next few releases.  We hope to release 1.0 Final sometime in July.

Posted in Uncategorized

Keycloak Alpha 3 Released

Another big feature release for Keycloak.  As usual, go to to find documentation and download links.  Here are the highlights of Alpha 3:

  • Minimal support for OpenID Connect.  Claims like email, full name, etc. can now be transmitted and viewed with IDToken passed after login.
  • Configurable allowed claims.  What identity claims are made in id and access tokens can be configured per application or oauth client within the admin console
  • Remote logout and session stats available from management console
  • Refresh token support
  • Not before revocation policy.  You can set it per realm, oauth client, or application.  Policies are pushed to applications that have an admin url
  • Fine grain admin console permissions and roles.  You can now specify which realms a master user is allowed to create, view, or edit.  An awesome side effect of this is that if you enable registration in the master admin realm and set a default global role of create only, keycloak can become a SaaS for SSO.
  • Installed Application feature to support non-browser applications that want to use Keycloak
  • You can now add social network links through account management

What’s next?

Our next release will be Beta-1 and will be our last big feature release.  One of the features we want to add is support for using an existing LDAP/Active Directory server.  We’re going to take a look at Picketlink IDM API for this.  We also need more fine grain support for importing and exporting various pieces of the keycloak database.  That’s minimally what we want to get in.  We’re looking at a May timeframe for this release as in April many of us will be busy with Red Hat Summit.

Posted in Uncategorized

Keycloak Alpha 2 Released

3 weeks after Keycloak’s initial debut, we’re ready to introduce some new features in our Alpha 2 release.

  • Stian added theme support.  You can now customize any non-admin-console page using Freemarker templates, css files, and images.
  • Stan added a Wildfly subsystem and Bill ported it to AS7 and EAP 6.x.  Securing your WARs on JBoss AS7, EAP, and Wildfly is now much easier and uniform across all JBoss/Wildfly versions.  Also, with the subsystem, you do not even have to crack open a WAR to secure it with Keycloak.
  • Bill added Composite Role support.  Composite Roles can be associated with more fine grain roles to make it easier to apply and manage role mappings for your users.
  • Marek added backend support for Mongo, Oracle, Postgres, MySQL, MS-SQL, and DB2.
  • Stian finished up his pure Javascript adapter that had been sitting on the back burner.
  • Somebody not named Bill wrote a GitHub Social Login provider.
  • Viliam was the cleaner.  He cleaned up all the messes that Stian and Bill created and fixed all the little bugs Bill was too lazy to do.

What’s next?  No sure yet.  Probably a focus on full OpenID Connect support. Refresh tokens.  Openshift bootstrapping.  Maybe some new social plugins too.  Please visit the main Keycloak Website for documentation and links for downloads.

Posted in Uncategorized

Get every new post delivered to your Inbox.