Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to benefit from the latest Keycloak features

Alexander Schwartz
March 05, 2025
Technology
0
42

How to benefit from the latest Keycloak features

Keycloak delivers multiple updates every year. To benefit from new features, and to stay up to date with the latest security fixes, you need to upgrade. At the same time an upgrade might bring breaking changes and can lead to downtimes. So how should you approach this?

In this talk you'll learn how to upgrade with confidence in a timely manner and with less effort.

After a short recap of the latest Keycloak features, this talk shows how to navigate the release schedule of Keycloak and explains how preview and deprecated features work. It also shows how to prepare for the next upgrade using the resources provided by the Keycloak project, and what additional measures you should take in your deployment and test pipelines to smoothen the upgrade process. Finally, it will detail how you provide feedback to the Keycloak project ahead of an upcoming release.

Alexander Schwartz

March 05, 2025
Tweet

More Decks by Alexander Schwartz

See All by Alexander Schwartz
Delegating the chores of authenticating users
ahus1
0
37
Evolving real-world AsciiDoc into a specification and how it will help the ecosystem
ahus1
1
100
Using DPoP to use access tokens securely in your Single Page Applications
ahus1
0
72
Online-Dokumentation, die hilft: Strukturen, Prozesse, Tools
ahus1
0
130
What’s new in Keycloak, the open source IAM?
ahus1
1
230
Running a highly available Identity and Access Management with Keycloak
ahus1
0
130
Automatisiere deine Prozesse mit GitHub Actions!
ahus1
0
360
Highly available Identity and Access Management with multi-site Keycloak deployments in the cloud
ahus1
0
9.2k
Documentation for users with AsciiDoc and Antora
ahus1
0
550

Other Decks in Technology

See All in Technology
OPENLOGI Company Profile
hr01
0
60k
データエンジニアリング領域におけるDuckDBのユースケース
chanyou0311
9
2.5k
エンジニアリング価値を黒字化する バリューベース戦略を用いた 技術戦略策定の道のり
kzkmaeda
7
3.2k
MIMEと文字コードの闇
hirachan
2
1.4k
エンジニア主導の企画立案を可能にする組織とは?
recruitengineers
PRO
1
270
事業を差別化する技術を生み出す技術
pyama86
2
430
2025/3/1 公共交通オープンデータデイ2025
morohoshi
0
100
What's new in Go 1.24?
ciarana
1
110
"TEAM"を導入したら最高のエンジニア"Team"を実現できた / Deploying "TEAM" and Building the Best Engineering "Team"
yuj1osm
1
230
ExaDB-XSで利用されている Exadata Exascaleについて
oracle4engineer
PRO
3
280
生成AI×財務経理:PoCで挑むSlack AI Bot開発と現場巻き込みのリアル
pohdccoe
1
780
Amazon Athenaから利用時のGlueのIcebergテーブルのメンテナンスについて
nayuts
0
100

Featured

See All Featured
Practical Orchestrator
shlominoach
186
10k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
What's in a price? How to price your products and services
michaelherold
244
12k
Building a Scalable Design System with Sketch
lauravandoore
461
33k
BBQ
matthewcrist
87
9.5k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
Why Our Code Smells
bkeepers
PRO
336
57k
The World Runs on Bad Software
bkeepers
PRO
67
11k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.2k

Transcript

  1. How to benefit from the latest Keycloak features Alexander Schwartz

    | Principal Software Engineer | Red Hat Keycloak DevDay | Darmstadt (DE) | 2025-03-06

  2. Keycloak is an Open Source Identity and Access Management Solution

    🎂 Initial commit 2013-07-02 🏆 Cloud Native Computing Foundation Incubating project since April 2023 📜 Apache License, Version 2.0 ⭐ 26k GitHub stars

  3. The best way to benefit from the latest Keycloak features

  4. The best way to benefit from the latest Keycloak features

    … … is upgrading! and bugfixes

  5. How often does Keycloak release? • Features (every 3 months)

    • Patches (on average every two weeks)

  6. Keycloak release cadence • Major release (every 2-3 years), next

    one planned for March 31 2026 Can contain breaking changes, and can remove deprecated features. • Minor release (every 3 months) Breaking changes are opt-in • Patch releases Fixing errors and CVE • Container respin On demand to handle CVE fixes in the base image • Separated releases for client libraries https://www.keycloak.org/2024/10/release-updates Only available on the main line!

  7. Changes in latest minor releases KC 26.1: • New transport

    stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated.

  8. Changes in latest minor releases KC 26.1: • New transport

    stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated. KC 26.2 (planned): • First iteration on rolling updates for Operator image changes as a preview feature, but not automatically enabled while in preview.

  9. Milestones and epics

  10. Reporting bugs 🐛

  11. Reporting bugs 🐛 and getting them fixed 🦋

  12. • Reproduce with the latest Keycloak release • Provide steps

    and details of the deployment (compose file?) The Keycloak team monitors this and tracks the SLOs Reporting

  13. • Provide a pull request, or help testing the pull

    request or the latest nightly release. • Once it is released: Install the latest patch release in your production environment. Getting it fixed

  14. Preparing for an upgrade … via Tests! ✅

  15. Functional Tests Implement one of the following: • Deploy Keycloak

    to a test environment and run integration tests. • Use Testcontainers to set up a minimal environment and implement smoke tests. • … Then: 1. Run it against Keycloak’s nightly build (or release branches). 2. Analyze failures and update your deployment or report bugs.

  16. If you are running Keycloak in a non-standard way In

    addition to the previous slide: Contribute documentation and tests to the main Keycloak project (or pay someone to do it).

  17. Run Load Tests The Keycloak Benchmark Projekt provides • Dataset

    Generation (Realms, Users, Groups, etc.) • Load Drivers based on Gatling https://github.com/keycloak/keycloak-benchmark

  18. Making upgrades smoother • Persistent User sessions enabled by default

    (26.0) ➡ Users are still logged in after upgrades • Protostream serialization for all internal commands and cache entries (26.0) ➡ Preparation for a future rolling upgrades • Upgrade compatibility command (26.2, t.b.c) ➡ New CLI command to test if two images support rolling upgrades (starting with comparing if Keycloak version is equal)

  19. Tracking translation changes ahead of a release • Notifications on

    updated or added keys. • Continuous translation by volunteers and language maintainers.

  20. Summary

  21. The best way to benefit from the latest Keycloak features

    and fixes…

  22. The best way to benefit from the latest Keycloak features

    and fixes… … is automated testing, regular upgrading, and contributing!

  23. One more thing …

  24. 2025 is a great time 󰭈 to start hosting your

    SSO/IAM/IdP.

  25. 2025 is a great time 󰭈 to start hosting your

    SSO/IAM/IdP. Join forces to bring Keycloak to the masses 📣 !

  26. In 2025, let’s make Keycloak even more ✨ appealing to

    new and existing users, 💡 simple to get started with, 󰠼 safe to run, scale and extend, and 📊 efficient to host and maintain.

  27. • Keycloak https://www.keycloak.org/ • Keycloak Nightly Release https://www.keycloak.org/nightly/ • Keycloak

    Testcontainers https://testcontainers.com/modules/keycloak/ • Realm Configuration Management https://www.keycloak.org/2024/09/realm-config-management-tools-survey-results • Keycloak Upgrade Compatibility https://www.keycloak.org/nightly/server/update-compatibility • Grafana Dashboards, Metrics and Service Level Indicators https://www.keycloak.org/nightly/observability/grafana-dashboards • Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/ Links Slides:

  28. Contact Alexander Schwartz Principal Software Engineer aschwart@redhat.com https://www.ahus1.de @ahus1.de @ahus1@fosstodon.org