Wednesday, 5 November 2014

Keycloak 1.1.0 Beta1 Released

Pretty big feature release:
  • SAML 2.0 support. Keycloak already supports OpenID Connect, but with this release we're also introducing support for SAML 2.0. We did this by pulling in and building on top of PicketLink's SAML libraries.

  • Vastly improved clustering support. We've also significantly improved our clustering support for the server and application adapters. The server can now be configured to use an invalidation cache for realm meta-data and user profiles, while user sessions can be stored in a distributed cache, allowing for both increased scalability and availability. Application adapters can be configured for either sticky sessions or stateless operation if sticky sessions are not available. We've also added support for nodes to dynamically register with Keycloak to receive, for example, logout notifications.

  • Adapter multi-tenancy support. Thanks to Juraci Paixão Kröhling we now have multi-tenancy support in application adapters. His contribution makes it easy to use more than one realm for a single application. It's up to you to decide which realm is used for a request, but this could, for example, depend on the domain name or context path. For anyone interested in this feature there's a simple example that shows how to get started.

  • Tomcat 7 Adapter. A while back Davide Ungari contributed a Tomcat 7 application adapter for Keycloak, but we haven't had time to document, test and make it a supported adapter until now.

What's next?

The next release of Keycloak should see the introduction of more application adapters, with support for JBoss BRMS, JBoss Fuse, UberFire, and Jetty.

For a complete list of all features and fixes for this release, check out JIRA.

I'd like to especially thank all external contributors, please keep contributing! For everyone wanting to contribute to Keycloak, don't hesitate: it's easy to get started and we're here to help if you need any pointers.


  1. Eivind Mikkelsen, 7 November 2014 at 15:28

    Great work on the SAML support in this release!

    Is support for FIDO U2F on your roadmap?

  2. I wrote a few rows to explain how to integrate the Tomcat7 adapter:

  3. What's the best way to contribute? I have made a very small modification to connect to a Tivoli LDAP server. I have forked keycloak and opened a JIRA ticket. - TIA Carl

  4. At the very least we plan to provide SPIs to hook in custom authentication mechanisms (primary and secondary). I'd say most likely we'd add support for FIDO U2F (and UAF?!) as well though. Exactly when it'll happen I'm not sure.

