Tuesday, 16 December 2014

Merry Christmas from the Keycloak team

2014 was the year of Keycloak! At least that was the case for us on the Keycloak team. In January we released the very first alpha of the project. The first stable release wasn't out until September, but in return we added a lot more features as well as reaching a very high level of stability for a 1.0.

Since then we've delivered a number of security and bug fixes for 1.0, while continuing to bake in new exiting features for 1.1. We're planning to do a stable release of 1.1 early in the New Year, which will bring SAML 2, much improved clustering and a number of new application adapters.

Not only have we managed to provide a feature rich and easy to use open source security solution, but we've also managed to build an awesome community around the project. We've had over 5000 downloads, over 2500 commits from 32 contributors and our developer and user mailing lists are very active. Keycloak is already in use in production on a number of projects, in fact some has even used it in production since our first alpha release!

Our road-map for 2015 is not written in stone, but expect at least some of the following features to be delivered in 2015:
  • Custom user profiles - this will let you configure the attributes for a user profile, which should be visible on the registration screen and account management, as well as specify validation

  • Identity Brokering - we're adding support to authenticate with external Identity Providers via OpenID Connect, SAML 2.0 and Kerberos

  • Two-Factor Authentication - currently we only support Google Authenticator or FreeOTP applications for two-factor authentication, but we plan to make it possible to add your own and provide some more out of the box

  • Client Accounts - these will be special user accounts directly linked to a client, allowing a client to access services as itself not just on-behalf of users

  • Client Certificates - support authentication of clients with certificates

  • Client Types - at the moment we have applications and oauth clients, the main difference being oauth clients require users to grant permissions to roles. To simplify the admin console we plan to introduce a single unified view for clients and also introduce new types such as devices

  • Internationalization - internationalization support for login and account management pages

  • SMS - enable SMS to recover passwords, as a 2nd factor authentication mechanism and to be notified about events like login failures

  • OpenID Connect Dynamic Registration -  allows clients to dynamically register with Keycloak. We'll also look at passing the OpenID Connect Interop testing

  • Mapping of users and tokens - custom mapping of user profiles from external identity stores and tokens from external Identity Providers
We also have ideas for some bigger features, but we'll leave those as a surprise for 2015!

Finally, I'd like to wish everyone a Merry Christmas and a Happy New Year.