March 29 2023 by Stian Thorgersen
As we have not been able to make sufficient progress on finding alternatives and work on supporting material to help migrating away from Keycloak adapters we are extending the life of the Keycloak adapters.
The plan is still to eventually stop delivering bespoke Keycloak adapters in the future, but we will do this in a more gradual process than previous laid out.
We still strongly belive that the community as a whole are better served in the long run by us focusing more on the Keycloak server with full compliance and support for specifications such as OAuth 2.0 and OpenID Connect, and adding support for additional relevant extensions to the specifications.
We also believe by leaving the integration for various programming languages and frameworks to the relevant communities, the end result will be more extensive support, with more features and abilities, and last but not least better integrations and easy of use.
For Java applications there is now more than ever wide-spread support for OpenID Connect, where some examples include:
Jakarta Security 3.0 - OpenID Connect support in Jakarta EE 10
Elytron OIDC - OpenID Connect support in WildFly
Quarkus OIDC - OpenID Connect support for Quarkus applications
Spring Security - OAuth and OpenID Connect support in Spring
Pac4j - The Java security framework to protect all your web applications and web services
Neither of these have support for Keycloak Authorization Services though, which is why we are planning to introduce a generic Java client libraries for Authorization Services that can be leveraged with other OpenID Connect client libraries. Expect this to be delivered in Keycloak 22.
The Keycloak Java adapters will remain for a while though, at least towards the end of the year, but likely not be removed until early 2024. At the same time don’t expect the adapters to be updated in terms of adding new features, enhancements, or supporting newer versions of Tomcat, Jetty, WildFly, or Spring.
We are still investigating alternatives for Node.js, so plan is available for those one just yet. Expect more information to come later in the year. Regardless of the alternative we will deliver support for Keycloak Authorization Services to Node.js.
The Keycloak Node.js adapter will remain, at least towards the end of the year, but likely not be removed until early 2024.
We are planning to continue supporting SAML 2.0 for WildFly and JBoss EAP in the long run, but support for Tomcat and Jetty are likely to be removed relatively soon.