Thursday, May 06 2021
To download the release go to Keycloak downloads.
The Keycloak server was upgraded to use Wildfly 23.0.2.Final as the underlying container.
Support for OAuth 2.0 Device Authorization Grant is now available.
Support for OpenID Connect Client Initiated Backchannel Authentication (CIBA) is now available.
Keycloak now supports communication with clients using SAML Artifact binding. A new
Force Artifact Binding option
was introduced in the client configuration, that forces communication with the client using artifact messages. For more
details proceed to Server Administration Guide. Please note, that with
this version, Keycloak SAML client adapter does NOT support Artifact binding.
Keycloak can now leverage PKCE when brokering to an external OpenID Connect IdP.
Thanks to thomasdarimont.
Default roles are now internally stored as composite roles of a new role usually named
default-roles-<realmName>. Instead of assigning
both realm and all client default roles directly to newly created users or users imported through Identity Brokering, just the role is
assigned to them and the rest of default roles are assigned as effective roles. This change improves performance of default roles processing,
especially with larger number of clients, because it is no longer necessary to go through all clients.
The full list of resolved issues are available in JIRA
Before you upgrade remember to backup your database and check the upgrade guide for anything that may have changed.