Keycloak 11.0.0 released

Wednesday, July 22 2020

To download the release go to Keycloak downloads.


LDAPv3 password modify operation

Support for the LDAPv3 password modify operation was added, along with the ability in the admin console to request metadata from the configured LDAP server to see whether it supports the LDAPv3 password modify operation.

Thanks to cachescrubber

Namespace support for LDAP group mapper

Namespace support for the LDAP group mapper allows you to map groups from LDAP under a specified branch (namespace) of the Keycloak groups tree. Previously, groups from LDAP were always added as top-level groups in Keycloak.

Thanks to Torsten Juergeleit

Upgrade to WildFly 20

The Keycloak server was upgraded to use WildFly 20.0.1.Final under the covers. For more details, please take a look at the Upgrading Guide.

SAML POST binding is broken in the latest versions of browsers

The SameSite value None for the JSESSIONID cookie is necessary for correct behavior of the Keycloak SAML adapter. With any other value, the container's session is reset with each request to Keycloak when the SAML POST binding is used. Refer to the following steps for WildFly and Tomcat to keep the correct behavior. Note that this workaround should also work with previous versions of the adapter.
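A check for the cookie attributes described above, as an added example that is not part of the original release notes or Keycloak's own code: it parses Set-Cookie values and reports when JSESSIONID lacks SameSite=None or the Secure attribute that current browsers require alongside it. The sample headers and the function names are constructed for illustration.

```python
# Constructed sample Set-Cookie header values (not captured from a real server).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123.node1; Path=/app; HttpOnly",
    "JSESSIONID=abc123.node1; Path=/app; Secure; HttpOnly; SameSite=Lax",
    "JSESSIONID=abc123.node1; Path=/app; HttpOnly; SameSite=None",
    "JSESSIONID=abc123.node1; Path=/app; Secure; HttpOnly; SameSite=None",
    "theme=dark; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def check_session_cookie(header, cookie_name="JSESSIONID"):
    """Return findings for the session cookie: [] is OK, None means a different cookie."""
    name, _, attrs = parse_set_cookie(header)
    if name != cookie_name:
        return None
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("SameSite missing: the browser default applies instead of None")
    elif samesite.lower() != "none":
        findings.append(f"SameSite={samesite}: cookie is not sent with the cross-site SAML POST")
    if "secure" not in attrs:
        findings.append("Secure missing: current browsers reject SameSite=None without Secure")
    return findings


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        result = check_session_cookie(h)
        if result is None:
            continue  # not the container session cookie
        print("OK  " if not result else "FAIL", h)
        for finding in result:
            print("     -", finding)
```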

Other improvements

  • Support for client offline session lifespan. Thanks to Yoshiyuki Tabata

  • Czech translation. Thanks to Jakub Knejzlík

  • Possibility to fetch additional fields from the Facebook identity provider. Thanks to Bartosz Siemieńczuk

  • Support for AES 192 and AES 256 algorithms used for signed and encrypted ID tokens. Thanks to Takashi Norimatsu

  • Ability to specify signature algorithm in Signed JWT Client Authentication. Thanks to Takashi Norimatsu

All resolved issues

The full list of resolved issues is available in JIRA.


Before you upgrade, remember to back up your database and check the upgrade guide for anything that may have changed.