How to benefit from the latest Keycloak features
Alexander Schwartz | Principal Software Engineer | Red Hat
Keycloak DevDay | Darmstadt (DE) | 2025-03-06
Slide 2
Slide 2 text
Keycloak is an Open Source
Identity and Access Management Solution
🎂 Initial commit 2013-07-02
🏆 Cloud Native Computing Foundation
Incubating project since April 2023
📜 Apache License, Version 2.0
⭐ 26k GitHub stars
Slide 3
Slide 3 text
The best way to benefit
from the latest Keycloak features …
Slide 4
Slide 4 text
The best way to benefit
from the latest Keycloak features …
… is upgrading!
and
bugfixes
Slide 5
Slide 5 text
How often does Keycloak release?
● Features (every 3 months)
● Patches (on average every two weeks)
Slide 6
Slide 6 text
Keycloak release cadence
● Major release (every 2-3 years), next one planned for March 31 2026
Can contain breaking changes, and can remove deprecated features.
● Minor release (every 3 months)
Breaking changes are opt-in
● Patch releases
Fixing errors and CVE
● Container respin
On demand to handle CVE fixes in the base image
● Separated releases for client libraries
https://www.keycloak.org/2024/10/release-updates
Only
available
on the
main line!
Slide 7
Slide 7 text
Changes in latest minor releases
KC 26.1:
● New transport stack “jdbc-ping”, all other transport stacks except “kubernetes”
are now deprecated.
Slide 8
Slide 8 text
Changes in latest minor releases
KC 26.1:
● New transport stack “jdbc-ping”, all other transport stacks except “kubernetes”
are now deprecated.
KC 26.2 (planned):
● First iteration on rolling updates for Operator image changes as a preview
feature, but not automatically enabled while in preview.
Slide 9
Slide 9 text
Milestones and epics
Slide 10
Slide 10 text
Reporting bugs
🐛
Slide 11
Slide 11 text
Reporting bugs
🐛
and getting them fixed
🦋
Slide 12
Slide 12 text
● Reproduce with the latest Keycloak release
● Provide steps and details of the deployment (compose file?)
The Keycloak team monitors this and tracks the SLOs
Reporting
Slide 13
Slide 13 text
● Provide a pull request, or help testing the pull request
or the latest nightly release.
● Once it is released: Install the latest patch release in your production
environment.
Getting it fixed
Slide 14
Slide 14 text
Preparing for an upgrade …
via Tests! ✅
Slide 15
Slide 15 text
Functional Tests
Implement one of the following:
● Deploy Keycloak to a test environment and run integration tests.
● Use Testcontainers to set up a minimal environment and implement smoke
tests.
● …
Then:
1. Run it against Keycloak’s nightly build (or release branches).
2. Analyze failures and update your deployment or report bugs.
Slide 16
Slide 16 text
If you are running Keycloak in a non-standard way
In addition to the previous slide:
Contribute documentation and tests to the main Keycloak project
(or pay someone to do it).
Slide 17
Slide 17 text
Run Load Tests
The Keycloak Benchmark Projekt provides
● Dataset Generation (Realms, Users, Groups, etc.)
● Load Drivers based on Gatling
https://github.com/keycloak/keycloak-benchmark
Slide 18
Slide 18 text
Making upgrades smoother
● Persistent User sessions enabled by default (26.0)
➡ Users are still logged in after upgrades
● Protostream serialization for all internal commands and cache entries (26.0)
➡ Preparation for a future rolling upgrades
● Upgrade compatibility command (26.2, t.b.c)
➡ New CLI command to test if two images support rolling upgrades
(starting with comparing if Keycloak version is equal)
Slide 19
Slide 19 text
Tracking translation changes ahead of a release
● Notifications on updated or added keys.
● Continuous translation by volunteers and language maintainers.
Slide 20
Slide 20 text
Summary
Slide 21
Slide 21 text
The best way to benefit
from the latest Keycloak features and fixes…
Slide 22
Slide 22 text
The best way to benefit
from the latest Keycloak features and fixes…
… is automated testing,
regular upgrading, and contributing!
Slide 23
Slide 23 text
One more thing …
Slide 24
Slide 24 text
2025 is a great time
to start hosting your SSO/IAM/IdP.
Slide 25
Slide 25 text
2025 is a great time
to start hosting your SSO/IAM/IdP.
Join forces to bring
Keycloak to the masses
📣 !
Slide 26
Slide 26 text
In 2025, let’s make Keycloak even more
✨ appealing to new and existing users,
💡 simple to get started with,
safe to run, scale and extend, and
📊 efficient to host and maintain.