Update on deprecation of Keycloak adapters

March 29 2023 by Stian Thorgersen

In 2022 we announced the deprecation of deprecating Keycloak adapters, with a plan to stop delivering most adapters in Keycloak 19.

As we have not been able to make sufficient progress on finding alternatives and work on supporting material to help migrating away from Keycloak adapters we are extending the life of the Keycloak adapters.

The plan is still to eventually stop delivering bespoke Keycloak adapters in the future, but we will do this in a more gradual process than previous laid out.

We still strongly belive that the community as a whole are better served in the long run by us focusing more on the Keycloak server with full compliance and support for specifications such as OAuth 2.0 and OpenID Connect, and adding support for additional relevant extensions to the specifications.

We also believe by leaving the integration for various programming languages and frameworks to the relevant communities, the end result will be more extensive support, with more features and abilities, and last but not least better integrations and easy of use.

OAuth 2.0 and OpenID Connect adapters


For Java applications there is now more than ever wide-spread support for OpenID Connect, where some examples include:

  • Jakarta Security 3.0 - OpenID Connect support in Jakarta EE 10

  • Elytron OIDC - OpenID Connect support in WildFly

  • Quarkus OIDC - OpenID Connect support for Quarkus applications

  • Spring Security - OAuth and OpenID Connect support in Spring

  • Pac4j - The Java security framework to protect all your web applications and web services

Neither of these have support for Keycloak Authorization Services though, which is why we are planning to introduce a generic Java client libraries for Authorization Services that can be leveraged with other OpenID Connect client libraries. Expect this to be delivered in Keycloak 22.

The Keycloak Java adapters will remain for a while though, at least towards the end of the year, but likely not be removed until early 2024. At the same time don’t expect the adapters to be updated in terms of adding new features, enhancements, or supporting newer versions of Tomcat, Jetty, WildFly, or Spring.


We are still investigating alternatives for Node.js, so plan is available for those one just yet. Expect more information to come later in the year. Regardless of the alternative we will deliver support for Keycloak Authorization Services to Node.js.

The Keycloak Node.js adapter will remain, at least towards the end of the year, but likely not be removed until early 2024.

Client-side JavaScript

For now the Keycloak client-side JavaScript adapter remains, but we are looking into alternatives as well as the potential of completely overhauling our current adapter and continue maintaining and delivering this adapter.

SAML 2.0

We are planning to continue supporting SAML 2.0 for WildFly and JBoss EAP in the long run, but support for Tomcat and Jetty are likely to be removed relatively soon.