Wednesday, 17 June 2015

Keycloak 1.3.1.Final Released

Keycloak 1.3.1.Final has just been released. There's not too many new features this time around, but a lot of improvements.

LDAP enhancements and mappers

This release brings a lot of improvements to our LDAP User Federation Provider and also introduces mappers for User Federation making it possible to map attributes and groups from LDAP to attributes and role mappings in the Keycloak database.

WildFly 9.0.0.CR2

Keycloak standalone is now built on WildFly 9.0.0.CR2. This also means that the server-overlay is only deployable to WildFly 9.0.0.CR2 and we no longer support WildFly 8.2.0.Final for the server. There's also a server-overlay-eap which supports deploying the server to EAP 6.4.0.GA.

We've also added adapter for WildFly 9. There's different downloads for WildFly 8 and 9, so make sure you grab the correct one.

Admin events

You can now enable admin events through the admin console. This will log all modifications done by admins. You can view what changes where made and by whom.

Easier cluster setup

It's now slightly easier to setup clustering as the included standalone-ha.xml contains the Infinispan configuration. All you need to do now is to change providers in keycloak-server.json and add a shared database.

Recover admin password

In the past if you forgot your admin password your only option was to edit the database directly. We've now introduced a mechanism that lets you recover the admin password. Obviously this requires you to have direct access to the server.

Release notes and download

For all issues resolved in this release see the change log in JIRA. As usual refer to the migration guide before upgrading. To download yet another great Keycloak release go to our web site.


  1. Thank you for that great release! Finally we can use Keycloak with Spring Security with less than 10 lines of code! :-)
    Keep on rockin'!

  2. Very compliments! It's a great product. Perhaps it lacks a key feature (for me) like the Implicit flow in order to be compatible with some client OpenId Connect framework (i.e. the OWIN middleware for .NET Framework) and it would be very useful if you provide a simple UserFederationMapper provider/factory in order to better understand how to implement a new one without studying the complex ldap one. Anyway thank you very much for your great work. It's easy to build such a big thing like an'auth server with your great keycloak.

    1. We are planning to add implicit, hopefully for 1.5. We're also planning to add documentation and examples for SPIs, including UserFederationMapper, not sure when we'll get to that though.


Please only add comments directly associated with the post. For general questions use the Keycloak user mailing list.