Keycloak 9.0.0 released

Monday, February 17 2020

To download the release go to Keycloak downloads.


Drools Policy Removed

The Drools Policy was finally removed after the deprecation period. If you need more complex policies you can still use JavaScript-based policies.

Pagination support for clients

Pagination support was added to clients in the Admin Console and REST API. Thanks to saibot94.

New Elytron Credential Store Vault Provider

A new built-in vault provider that reads secrets from a keystore-backed Elytron credential store has been added as a WildFly extension. The creation and management of the credential store is handled by Elytron using either the elytron subsystem or the script.

More updates to W3C WebAuthn and Authentication flows

In this release, we did some usability improvements to the authentication flows. It should be easier for the end user to choose between available authentication mechanisms for two-factor authentication. It should be more intuitive to log in with OTP or WebAuthn considering the fact that user can have more OTP or WebAuthn credentials. There is also better support for passwordless WebAuthn authentication. Finally, we did some work on defects related to the authentication flows.

Improved handling of user locale

A number of improvements have been made to how the locale for the login page is selected, as well as when the locale is updated for a user.

See the Server Administration Guide for more details.

Other improvements

  • Authorization Header token is only considered now when type is Bearer on Gatekeeper. Thanks to HansK-p

  • More algorithms are supported for the client authentication with signed client secret JWT. Namely HS384 and HS512 algorithms were added. Thanks to tnorimat

All resolved issues

The full list of resolved issues are available in JIRA


Before you upgrade remember to backup your database and check the upgrade guide for anything that may have changed.