Thursday, 22 December 2016

Keycloak 2.5.0.CR1 Released

We've released Keycloak 2.5.0.CR1 just in time for Christmas. This release mainly focuses on bug fixing and we've resolved an impressive 165 issues in this release! Due to Christmas holidays the final release won't be until early January.

Highlights of the release includes:

  • User Storage SPI - We've removed the old User Federation SPI in this release. If you have custom user federation providers you will need to migrate them to the User Storage SPI.
  • HMAC Key Provider - We've added a secret key provider to be able to do HMAC signatures. These are faster than RSA signatures and are used for signing cookies.
  • Ability to disable Impersonation - If you don't want to allow admins to be able to impersonate users you can now fully disable this feature.

This is the second to last release in the Keycloak 2 series. Expect one more round of bug fixing and a 2.5.1.Final release towards the end of January. After that we'll get started on Keycloak 3!

Plans for Keycloak 3 are not finalized, but some things we're hoping to do next year include:

  • Multi data center support - It's kinda possible at the moment, but we are planning to do a lot of improvements in this area
  • Authentication SPI - We're aiming to cleanup the authentication SPI and may also be adding more built-in authentication capabilities
  • Validation on Admin Endpoints and Console - There's currently a lack of validation on the admin endpoints which could result in bad configuration
  • Profile SPI - Single configurable and extensible place to define validation for user validation for self-registration, account management and the admin console
  • New Account Management - New modern and easier to use account management console
  • Testing and CI - More automated testing, better test coverage and more Jenkins!

I'd like to wish everyone a merry christmas and a happy new year on behalf of the Keycloak team. We're looking forward to a adding loads more features and improvements to Keycloak in 2017!

For the full list of issues resolved check out JIRA and to download the release go to the Keycloak homepage.

Friday, 2 December 2016

Considering removing Mongo from Keycloak

We are considering removing Mongo support from Keycloak in 3.x. The reasons behind it is that there are a fair few issues in the current implementation, especially around consistency due to lack of transaction support in Mongo and often we update multiple documents. In many cases we rely on transactions to rollback to prevent partial updates, but this obviously doesn't work in Mongo.

With the fact that Mongo is already partially broken and the constant maintenance involved we're considering removing it and rather focus purely on the relational database back-end.

Another point to make is that we are not considering supporting Mongo in the supported version of Keycloak (Red Hat Single Sign-On). So we are never able to provide the same level of care and attention to it as we can for relational databases.

If we do decide to remove it we would make sure we provide a seamless and easy option to migrate from Mongo to a relational database!

I would like to gather some feedback from the community before doing anything. So please vote on the following Doodle:

Also, comments on this post is more than welcome!

I'll end with a comment - Time spent by core developer on maintaining Mongo could be better spent on awesome new features, testing and bug fixing!