Wednesday, 13 January 2016

Keycloak 1.8.0.CR1 Released

Keycloak 1.8.0.CR1 has just been released. As usual we will follow with a final release next week as long as no major issues are reported.

  • Default Admin User Removed - we no longer have a built in admin account, instead a new account has to be created initially from http://localhost:8080/auth or with the bin/add-user[sh|bat] script
  • Client Templates - with the introduction of client templates it's now possible to share mappers and scope configuration between clients
  • Partial Import - it's now possible to import users, clients, identity brokers and user federators from a json file into an existing realm
  • Truststore SPI - we've introduced a Truststore SPI which provides a centralized place to manage the truststore for clients, email, user federation and identity brokering
  • Password Hashing SPI - if you want to import existing users into Keycloak you can implement a password hashing provider so existing hashed passwords can be used (thanks to tsudo for the contribution)
  • Identity Brokering Login Flow - this allows customizing the flow used when a user logs in through an identity broker
  • SAML v2 Enhanced Client or Proxy Profile (ECP) - this SAML profile is useful for non-browser based clients (for example a desktop application)
  • OAuth2 Token Introspection - the OAuth2 token introspection specification provides a standard way to obtain the active state of a token
  • Conditional OTP - requiring OTP used to be either enabled or disabled for a realm, it's now possible to conditionally choose which users require OTP based on for example a role or a request header (thanks to thomasdarimont for the contribution)
  • Realm Display Name - a display name has been added to realms, which makes it possible to set a human readable name to be shown on login screens, emails, etc.
  • WildFly 10.0.0.CR5 - Keycloak is now built on top of WildFly 10.0.0.CR5. Deploying the server overlay to WildFly 9 is no longer supported

For the full list of issues resolved check out JIRA and to download the release go to the Keycloak homepage.

4 comments:

  1. "Client Templates - with the introduction of client templates it's now possible to share mappers and scope configuration between clients" - where can I find more information on this?

    Thanks

    ReplyDelete
    Replies
    1. Take a look in the admin console. It's pretty self explanatory. You create a client template with mappers and scope. Then when creating a client you can optionally select to use a client template.

      Delete
  2. Whats the HTTP endpoint for the token introspection? Btw is there a overview where all endpoints (token, auth, user-info ...) are documented

    ReplyDelete
    Replies
    1. I am searching for something like your Admin REST API documentation (http://keycloak.github.io/docs/rest-api/index.html) for the common OIDC endpoints

      Delete

Please only add comments directly associated with the post. For general questions use the Keycloak user mailing list.