Pretty big feature release:
- SAML 2.0 support. Keycloak already supports OpenID Connect, but with this release we're also introducing support for SAML 2.0. We did this by pulling in and building on top of Picketlink's SAML libraries.
- Vastly improved clustering support. We've also significantly improved our clustering support, for the server and application adapters. The server can now be configured to use an invalidation cache for realm meta-data and user profiles, while user-sessions can be stored in a distributed cache allowing for both increased scalability and availability. Application adapters can be configured for either sticky-session or stateless if sticky-sessions are not available. We've also added support for nodes to dynamically register with Keycloak to receive for example logout notifications.
- Adapter multi-tenancy support. Thanks to Juraci Paixão Kröhling we now have multi-tenancy support in application adapters. His contribution makes it easy to use more than one realm for a single application. It's up to you to decide which realm is used for a request, but this could for example be depending on domain name or context-path. For anyone interested in this feature there's a simple example that shows how to get started.
- Tomcat 7 Adapter. A while back Davide Ungari contributed a Tomcat 7 application adapter for Keycloak, but we haven't had time to document, test and make it a supported adapter until now.
The next release of Keycloak should see the introduction of more application adapters, with support for JBoss BRMS, JBoss Fuse, UberFire, Hawt.io and Jetty.
For a complete list of all features and fixes for this release check out JIRA.
I'd like to especially thank all external contributors, please keep contributing! For everyone wanting to contribute Keycloak don't hesitate, it's easy to get started and we're here to help if you need any pointers.