
How to benefit from the latest Keycloak features

Keycloak delivers multiple updates every year. To benefit from new features and to stay up to date with the latest security fixes, you need to upgrade. At the same time, an upgrade might bring breaking changes and can lead to downtime. So how should you approach this?

In this talk you'll learn how to upgrade with confidence in a timely manner and with less effort.

After a short recap of the latest Keycloak features, this talk shows how to navigate the release schedule of Keycloak and explains how preview and deprecated features work. It also shows how to prepare for the next upgrade using the resources provided by the Keycloak project, and what additional measures you should take in your deployment and test pipelines to smooth the upgrade process. Finally, it details how to provide feedback to the Keycloak project ahead of an upcoming release.

Alexander Schwartz

March 01, 2025

Transcript

  1. How to benefit from the latest Keycloak features
     Alexander Schwartz | Principal Software Engineer | Red Hat
     Keycloak DevDay | 2025-03-06
  2. Keycloak is an Open Source Identity and Access Management Solution
     🎂 Initial commit 2013-07-02
     🏆 Cloud Native Computing Foundation Incubating project since April 2023
     📜 Apache License, Version 2.0
     ⭐ 26k GitHub stars
  3. How often does Keycloak release?
     • Features (every 3 months)
     • Patches (on average every two weeks)
  4. Keycloak release cadence
     • Major release (every 2-3 years), next one planned for March 31 2025
       Can contain breaking changes, and can remove deprecated features.
     • Minor release (every 3 months)
       Breaking changes are opt-in
     • Patch releases
       Fixing errors and CVE
     • Container respin
       On demand to handle CVE fixes in the base image
     • Separated releases for client libraries
     https://www.keycloak.org/2024/10/release-updates
     Only available on the main line!
  5. Changes in latest minor releases
     KC 26.1:
     • New transport stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated.
     KC 26.2 (planned):
     • First iteration on rolling updates for Operator image changes as a preview feature
  6. Reporting
     • Reproduce with the latest Keycloak release
     • Provide steps and details of the deployment (compose file?)
     The Keycloak team monitors this and tracks the SLOs
  7. Getting it fixed
     • Provide a pull request, or help testing the pull request or the latest nightly release
     • Install the latest patch release in your production environment (or get a subscription)
  8. Functional Tests
     Implement one of the following:
     • Deploy Keycloak to a test environment and run integration tests.
     • Use Testcontainers to set up a minimal environment and implement smoke tests.
     • …
     Then:
     1. Run it against Keycloak’s nightly build (or release branches).
     2. Analyze failures and update your deployment or report bugs.
  9. If you are running Keycloak in a non-standard way
     In addition to the previous slide: Contribute documentation and tests to the main Keycloak project (or pay someone to do it).
  10. Making upgrades smoother
      • Persistent user sessions enabled by default (26.0)
        ➡ Users are still logged in after upgrades
      • Protostream serialization for all internal commands and cache entries (26.0)
        ➡ Preparation for future rolling upgrades
      • Upgrade compatibility command (26.2, t.b.c)
        ➡ New CLI command to test if two images support rolling upgrades (starting with comparing if Keycloak version is equal)
  11. Tracking translation changes ahead of a release
      • Notifications on updated or added keys.
      • Continuous translation by volunteers and language maintainers.
  12. Links
      • Keycloak https://www.keycloak.org/
      • Keycloak Nightly Release https://www.keycloak.org/nightly/
      • Keycloak Upgrade Compatibility https://www.keycloak.org/nightly/server/update-compatibility
      • Grafana Dashboards, Metrics and Service Level Indicators https://www.keycloak.org/nightly/observability/grafana-dashboards
      • Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/
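
A smoke test of the kind slide 8 describes, as an added example that is not from the talk or the Keycloak project: it checks a realm's OIDC discovery document, so a nightly or upgraded build that changes the issuer, drops an endpoint, or stops advertising a grant type or PKCE fails the pipeline before production clients do. The base URL, realm name and required grant types are assumptions; the sample document is constructed so the check runs offline.

```python
import json
import urllib.request

# Assumptions (hypothetical, adapt to your deployment): base URL, realm name,
# and the grant types and endpoints your clients depend on.
BASE, REALM = "https://sso.test.example", "demo"
REQUIRED_GRANTS = {"authorization_code", "refresh_token", "client_credentials"}
REQUIRED_ENDPOINTS = {"authorization_endpoint": "auth", "token_endpoint": "token",
                      "jwks_uri": "certs", "userinfo_endpoint": "userinfo",
                      "end_session_endpoint": "logout"}


def fetch_discovery(base_url, realm, timeout=10):
    """Fetch the realm's OIDC discovery document from a running Keycloak."""
    url = f"{base_url.rstrip('/')}/realms/{realm}/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def check_discovery(doc, base_url, realm):
    """Return a list of findings; an empty list means the smoke check passed."""
    findings = []
    issuer = f"{base_url.rstrip('/')}/realms/{realm}"
    if doc.get("issuer") != issuer:
        findings.append(f"issuer is {doc.get('issuer')!r}, expected {issuer!r}")
    for key in REQUIRED_ENDPOINTS:
        value = doc.get(key) or ""
        if not value.startswith(issuer + "/"):
            findings.append(f"{key} missing or outside issuer: {value!r}")
    missing = REQUIRED_GRANTS - set(doc.get("grant_types_supported", []))
    if missing:
        findings.append(f"grant types no longer offered: {sorted(missing)}")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        findings.append("PKCE method S256 not advertised")
    return findings


# Constructed sample document (not captured from a real server).
ISS = f"{BASE}/realms/{REALM}"
SAMPLE = {"issuer": ISS,
          "grant_types_supported": sorted(REQUIRED_GRANTS) + ["password"],
          "code_challenge_methods_supported": ["plain", "S256"],
          **{k: f"{ISS}/protocol/openid-connect/{p}"
             for k, p in REQUIRED_ENDPOINTS.items()}}

if __name__ == "__main__":
    # Against a live test instance: doc = fetch_discovery(BASE, REALM)
    print(check_discovery(SAMPLE, BASE, REALM) or "smoke check passed")
```

In a pipeline, call `fetch_discovery` against the test instance started from the nightly image and fail the job when `check_discovery` returns any finding.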