Slide 1

Slide 1 text

How to benefit from the latest Keycloak features Alexander Schwartz | Principal Software Engineer | Red Hat Keycloak DevDay | Darmstadt (DE) | 2025-03-06

Slide 2

Slide 2 text

Keycloak is an Open Source Identity and Access Management Solution 🎂 Initial commit 2013-07-02 🏆 Cloud Native Computing Foundation Incubating project since April 2023 📜 Apache License, Version 2.0 ⭐ 26k GitHub stars

Slide 3

Slide 3 text

The best way to benefit from the latest Keycloak features …

Slide 4

Slide 4 text

The best way to benefit from the latest Keycloak features … … is upgrading! and bugfixes

Slide 5

Slide 5 text

How often does Keycloak release? ● Features (every 3 months) ● Patches (on average every two weeks)

Slide 6

Slide 6 text

Keycloak release cadence ● Major release (every 2-3 years), next one planned for March 31 2026 Can contain breaking changes, and can remove deprecated features. ● Minor release (every 3 months) Breaking changes are opt-in ● Patch releases Fixing errors and CVE ● Container respin On demand to handle CVE fixes in the base image ● Separated releases for client libraries https://www.keycloak.org/2024/10/release-updates Only available on the main line!

Slide 7

Slide 7 text

Changes in latest minor releases KC 26.1: ● New transport stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated.

Slide 8

Slide 8 text

Changes in latest minor releases KC 26.1: ● New transport stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated. KC 26.2 (planned): ● First iteration on rolling updates for Operator image changes as a preview feature, but not automatically enabled while in preview.

Slide 9

Slide 9 text

Milestones and epics

Slide 10

Slide 10 text

Reporting bugs 🐛

Slide 11

Slide 11 text

Reporting bugs 🐛 and getting them fixed 🦋

Slide 12

Slide 12 text

● Reproduce with the latest Keycloak release ● Provide steps and details of the deployment (compose file?) The Keycloak team monitors this and tracks the SLOs Reporting

Slide 13

Slide 13 text

● Provide a pull request, or help testing the pull request or the latest nightly release. ● Once it is released: Install the latest patch release in your production environment. Getting it fixed

Slide 14

Slide 14 text

Preparing for an upgrade … via Tests! ✅

Slide 15

Slide 15 text

Functional Tests Implement one of the following: ● Deploy Keycloak to a test environment and run integration tests. ● Use Testcontainers to set up a minimal environment and implement smoke tests. ● … Then: 1. Run it against Keycloak’s nightly build (or release branches). 2. Analyze failures and update your deployment or report bugs.

Slide 16

Slide 16 text

If you are running Keycloak in a non-standard way In addition to the previous slide: Contribute documentation and tests to the main Keycloak project (or pay someone to do it).

Slide 17

Slide 17 text

Run Load Tests The Keycloak Benchmark Projekt provides ● Dataset Generation (Realms, Users, Groups, etc.) ● Load Drivers based on Gatling https://github.com/keycloak/keycloak-benchmark

Slide 18

Slide 18 text

Making upgrades smoother ● Persistent User sessions enabled by default (26.0) ➡ Users are still logged in after upgrades ● Protostream serialization for all internal commands and cache entries (26.0) ➡ Preparation for a future rolling upgrades ● Upgrade compatibility command (26.2, t.b.c) ➡ New CLI command to test if two images support rolling upgrades (starting with comparing if Keycloak version is equal)

Slide 19

Slide 19 text

Tracking translation changes ahead of a release ● Notifications on updated or added keys. ● Continuous translation by volunteers and language maintainers.

Slide 20

Slide 20 text

Summary

Slide 21

Slide 21 text

The best way to benefit from the latest Keycloak features and fixes…

Slide 22

Slide 22 text

The best way to benefit from the latest Keycloak features and fixes… … is automated testing, regular upgrading, and contributing!

Slide 23

Slide 23 text

One more thing …

Slide 24

Slide 24 text

2025 is a great time 󰭈 to start hosting your SSO/IAM/IdP.

Slide 25

Slide 25 text

2025 is a great time 󰭈 to start hosting your SSO/IAM/IdP. Join forces to bring Keycloak to the masses 📣 !

Slide 26

Slide 26 text

In 2025, let’s make Keycloak even more ✨ appealing to new and existing users, 💡 simple to get started with, 󰠼 safe to run, scale and extend, and 📊 efficient to host and maintain.

Slide 27

Slide 27 text

● Keycloak https://www.keycloak.org/ ● Keycloak Nightly Release https://www.keycloak.org/nightly/ ● Keycloak Testcontainers https://testcontainers.com/modules/keycloak/ ● Realm Configuration Management https://www.keycloak.org/2024/09/realm-config-management-tools-survey-results ● Keycloak Upgrade Compatibility https://www.keycloak.org/nightly/server/update-compatibility ● Grafana Dashboards, Metrics and Service Level Indicators https://www.keycloak.org/nightly/observability/grafana-dashboards ● Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/ Links Slides:

Slide 28

Slide 28 text

Contact Alexander Schwartz Principal Software Engineer [email protected] https://www.ahus1.de @ahus1.de @[email protected]