Red Hat

Keycloak 6.0.0 released

Wednesday, April 17 2019

To download the release go to Keycloak downloads.

For details on what is included in the release check out the Release notes. The full list of resolved issues are available in JIRA

Before you upgrade remember to backup your database and check the upgrade guide for anything that may have changed.

Keycloak Community Newsletter #1

Monday, April 01 2019, posted by S├ębastien Blanc

This is the very first "Keycloak Community Newsletter." The goal of this newsletter is to share news about the Keycloak project.

News from the community

Since the beginning of the year, the community has been really active. Each week several blog posts about Keycloak are published. Here is a short selection.

Let's start with Philip Riecks who explains in this article how you can use Microprofile JWT Authentication with Keycloak and React.

Ramandeep Singh has been blogging about Keycloak and NodeJS.

Joshua Alfred Erney explains in this blog series how to integrate Keycloak and Kong, a popular API management platform.

With Mohamed Aboullaite's blog post, you will learn how to secure your Kibana dashboards using Keycloak.

Finally in this three-part article, the process of installing Keycloak on Kubernetes will become very clear.

News from the project

Keycloak 5.0.0 has been released and 6.0.0 is around the corner.

From now on, new larger Keycloak's features will be openly discussed. For each new feature, a design document will be created and pushed to our Github repository as a simple MarkDown file. This strategy makes it easy for everyone to comment as well as contribute to the designs by opening Github issues and providing pull requests. We have already three documents open for discussion:

News from the Identity Management World

The big announcement, two weeks ago, was that WebAuthn became an official W3C Standard. This event is a milestone in the world of authentication and Identity Management. The goal of WebAuthn, according to Wikipedia is to: standardize an interface for public-key authentication of users to web-based applications and services. The Keycloak community is naturally really interested in this new standard. A design document is available and the community has even started to work on a prototype.

Conferences / Webinars

In March, the Javaland conference was held in Germany. The conference had two talks about Keycloak. S├ębastien blanc gave a talk about Securing your Microservices with Keycloak. A Github repository contains the demo. Thomas Darimont also gave an introductory talk in German about Keycloak.

In April, at Devoxx France, Guillaume Gillon will talk in French about how to combine Keycloak and

Contributing to Keycloak

We always welcome contributions to Keycloak. If you would like to contribute and have a great idea, tell us about it on the developer mailing list. If you are unsure about what to work on, let us know and we can help!

As a first time contributor, you may have a simpler idea to start, such as contributing a bug fix. This type of contribution will allow you to get to know the code base, the test suite, and the mechanics of creating a pull request. You can find a list of open bugs here


We also have a list of open issues that are awaiting contributions. Not all issues are properly reviewed, so we recommend that you start by sending an email to the developer mailing list before you begin.

For each newsletter, we will also highlight a few features for which we would especially like contributions. These features include:

W3C Web Authentication (WebAuthn)

Wednesday, March 06 2019, posted by Stian Thorgersen

W3C Web Authentication (WebAuthn) was recently made an official web standard. This is a great step towards making a safer and simpler authentication experience for users.

Where traditional authentication, such as password and OTP, rely on having shared secrets between the user and the web application, this is not the case with WebAuthn. WebAuthn uses public key-based credentials resulting in the web application not having access to the users secrets anymore. The keys are also unique per web application which eliminates the risk of phishing attacks.

WebAuthn provides a standard protocol for web applications to authenticate via a number of devices through a relatively simple challenge/response. All major browser vendors now have support for WebAuthn and FIDO2, where FIDO2 is the specification that enables the browser to communicate with different hardware devices.

WebAuthn can be used both as a two factor mechanism as well as enable passwordless authentication. There are already an healthy amount of devices that can be used together with WebAuthn. There are a number of security keys like YubiKey, ThinC and Titan. A lot of new laptops also come with built-in fingerprint scanners, and it Android also recently made it possible to use the fingerprint scanners on Android 7+ devices with WebAuthn.

We are of course planning on bringing WebAuthn support to Keycloak in the near future. The team behind webauthn4j has been hard at work greating a quality Java library for WebAuthn and will hopefully soon have an extension to Keycloak ready.

We will first focus on two-factor authentication with WebAuth and as part of this we will bring a number of improvements to Keycloak around two-factor authentication. For more details check the design document.

Later, we will also bring the passwordless experience to Keycloak. This will also introduce Keycloak to the identity first login flows. By asking for the users identity first Keycloak can provide smarter decisions on how to authenticate a user based on the users preferences. For example requesting the user to press the button on their security key instead of asking for a password.


Keycloak on Kubernetes

Wednesday, June 27 2018, posted by Stian Thorgersen

If you'd like to get started with using Keycloak on Kubernetes check out this screencast. If you'd rather try it out yourself check out this GitHub repository that contains the instructions as well as all the bits you'll need to reproduce what is shown in the screencast.

Keycloak Cordova Browser Tabs support

Thursday, June 21 2018, posted by Stian Thorgersen

Thanks to gtudan we finally have support for browser tabs for Cordova in our JavaScript adapter. This enables using a system browser tab to do the login flows to Keycloak, which brings better security and also single sign-on and single sign-out to mobile applications secured with Keycloak.

This will be included in Keycloak 4.1.0.Final which will be released soon. In the meantime check this screen-cast to see this in action!

For older entries go here.