How to benefit from the latest Keycloak features Alexander Schwartz | Principal Software Engineer | Red Hat Keycloak DevDay | Darmstadt (DE) | 2025-03-06

Keycloak is an Open Source Identity and Access Management Solution 🎂 Initial commit 2013-07-02 🏆 Cloud Native Computing Foundation Incubating project since April 2023 📜 Apache License, Version 2.0 ⭐ 26k GitHub stars

The best way to benefit from the latest Keycloak features …

The best way to benefit from the latest Keycloak features … … is upgrading! and bugfixes

How often does Keycloak release? ● Features (every 3 months) ● Patches (on average every two weeks)

Keycloak release cadence ● Major release (every 2-3 years), next one planned for March 31 2026 Can contain breaking changes, and can remove deprecated features. ● Minor release (every 3 months) Breaking changes are opt-in ● Patch releases Fixing errors and CVE ● Container respin On demand to handle CVE fixes in the base image ● Separated releases for client libraries https://www.keycloak.org/2024/10/release-updates Only available on the main line!

Changes in latest minor releases KC 26.1: ● New transport stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated.

Changes in latest minor releases KC 26.1: ● New transport stack “jdbc-ping”, all other transport stacks except “kubernetes” are now deprecated. KC 26.2 (planned): ● First iteration on rolling updates for Operator image changes as a preview feature, but not automatically enabled while in preview.

Milestones and epics

Reporting bugs 🐛

Reporting bugs 🐛 and getting them fixed 🦋

● Reproduce with the latest Keycloak release ● Provide steps and details of the deployment (compose file?) The Keycloak team monitors this and tracks the SLOs Reporting

● Provide a pull request, or help testing the pull request or the latest nightly release. ● Once it is released: Install the latest patch release in your production environment. Getting it fixed

Preparing for an upgrade … via Tests! ✅

Functional Tests Implement one of the following: ● Deploy Keycloak to a test environment and run integration tests. ● Use Testcontainers to set up a minimal environment and implement smoke tests. ● … Then: 1. Run it against Keycloak’s nightly build (or release branches). 2. Analyze failures and update your deployment or report bugs.

If you are running Keycloak in a non-standard way In addition to the previous slide: Contribute documentation and tests to the main Keycloak project (or pay someone to do it).

Run Load Tests The Keycloak Benchmark Projekt provides ● Dataset Generation (Realms, Users, Groups, etc.) ● Load Drivers based on Gatling https://github.com/keycloak/keycloak-benchmark

Making upgrades smoother ● Persistent User sessions enabled by default (26.0) ➡ Users are still logged in after upgrades ● Protostream serialization for all internal commands and cache entries (26.0) ➡ Preparation for a future rolling upgrades ● Upgrade compatibility command (26.2, t.b.c) ➡ New CLI command to test if two images support rolling upgrades (starting with comparing if Keycloak version is equal)

Tracking translation changes ahead of a release ● Notifications on updated or added keys. ● Continuous translation by volunteers and language maintainers.

Summary

The best way to benefit from the latest Keycloak features and fixes…

The best way to benefit from the latest Keycloak features and fixes… … is automated testing, regular upgrading, and contributing!

One more thing …

2025 is a great time 󰭈 to start hosting your SSO/IAM/IdP.

2025 is a great time 󰭈 to start hosting your SSO/IAM/IdP. Join forces to bring Keycloak to the masses 📣 !

In 2025, let’s make Keycloak even more ✨ appealing to new and existing users, 💡 simple to get started with, 󰠼 safe to run, scale and extend, and 📊 efficient to host and maintain.

● Keycloak https://www.keycloak.org/ ● Keycloak Nightly Release https://www.keycloak.org/nightly/ ● Keycloak Testcontainers https://testcontainers.com/modules/keycloak/ ● Realm Configuration Management https://www.keycloak.org/2024/09/realm-config-management-tools-survey-results ● Keycloak Upgrade Compatibility https://www.keycloak.org/nightly/server/update-compatibility ● Grafana Dashboards, Metrics and Service Level Indicators https://www.keycloak.org/nightly/observability/grafana-dashboards ● Keycloak Hour of Code https://www.meetup.com/keycloak-hour-of-code/ Links Slides:

Contact Alexander Schwartz Principal Software Engineer aschwart@redhat.com https://www.ahus1.de @ahus1.de @ahus1@fosstodon.org