How to benefit from the latest Keycloak features

Transcript

1. How to benefit from the latest Keycloak features Alexander Schwartz

   | Principal Software Engineer | Red Hat Keycloak DevDay | 2025-03-06

2. Keycloak is an Open Source Identity and Access Management Solution

   🎂 Initial commit 2013-07-02 🏆 Cloud Native Computing Foundation Incubating project since April 2023 📜 Apache License, Version 2.0 ⭐ 26k GitHub stars

3. The best way to benefit from the latest Keycloak features

   … … is upgrading! and bugfixes

4. How often does Keycloak release? • Features (every 3 months)

   • Patches (on average every two weeks)

5. Keycloak release cadence • Major release (every 2-3 years), next

   one planned for March 31 2025 Can contain breaking changes, and can remove deprecated features. • Minor release (every 3 months) Breaking changes are opt-in • Patch releases Fixing errors and CVE • Container respin On demand to handle CVE fixes in the base image • Separated releases for client libraries https://www.keycloak.org/2024/10/release-updates Only available on the main line!

6. Changes in latest minor releases KC 26.1: • New transport

   stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated. KC 26.2 (planned): • First iteration on rolling updates for Operator image changes as a preview feature

7. Milestones and epics

8. Reporting bugs 🐛 and getting them fixed 🦋

9. • Reproduce with the latest Keycloak release • Provide steps

   and details of the deployment (compose file?) The Keycloak team monitors this and tracks the SLOs Reporting

10. • Provide a pull request, or help testing the pull

    request or the latest nightly release • Install the latest patch release in your production environment (or get a subscription) Getting it fixed

11. Preparing for an upgrade … via Tests! ✅

12. Functional Tests Implement one of the following: • Deploy Keycloak

    to a test environment and run integration tests. • Use Testcontainers to set up a minimal environment and implement smoke tests. • … Then: 1. Run it against Keycloak’s nightly build (or release branches). 2. Analyze failures and update your deployment or report bugs.

13. If you are running Keycloak in a non-standard way In

    addition to the previous slide: Contribute documentation and tests to the main Keycloak project (or pay someone to do it).

14. Making upgrades smoother • Persistent User sessions enabled by default

    (26.0) ➡ Users are still logged in after upgrades • Protostream serialization for all internal commands and cache entries (26.0) ➡ Preparation for a future rolling upgrades • Upgrade compatibility command (26.2, t.b.c) ➡ New CLI command to test if two images support rolling upgrades (starting with comparing if Keycloak version is equal)

15. Tracking translation changes ahead of a release • Notifications on

    updated or added keys. • Continuous translation by volunteers and language maintainers.

16. • Keycloak https://www.keycloak.org/ • Keycloak Nightly Release https://www.keycloak.org/nightly/ • Keycloak

    Upgrade Compatibility https://www.keycloak.org/nightly/server/update-compatibility • Grafana Dashboards, Metrics and Service Level Indicators https://www.keycloak.org/nightly/observability/grafana-dashboards • Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/ Links

17. Contact Alexander Schwartz Principal Software Engineer [email protected] https://www.ahus1.de @ahus1.de @[email protected]