Keycloak release notes

Is Keycloak production ready?

Run Keycloak in Development Mode

In development mode, Keycloak is using unsecured HTTP mode and stores data into an H2 database (not production-ready).

What is the latest version of Keycloak?

Downloads 20.0.3

For a list of community maintained extensions check out the Extensions page.

What is the concept of Keycloak?

Keycloak is an open source identity and access management solution which mainly aims at applications and services. Users can authenticate with Keycloak rather than individual applications. So, the applications don't have to deal with login forms, authenticating users and storing users.

Is Keycloak outdated?

Default distribution is now powered by Quarkus

The WildFly distribution of Keycloak is now deprecated, with support ending June 2022. We recommend migrating to the Quarkus distribution as soon as possible.

Is Keycloak affected by Log4j?

A: No, Keycloak is not affected by CVE-2021-44228, or the related CVE-2021-4104 in Log4j 1.

Is Keycloak an LDAP?

Keycloak does have an builtin ldap-provider that you can use to get users from an external ldap server so that these users can user OIDC or SDAML. But keykloak does not provide any builtin ldap server, so you can not connect via ldap to keycloak.

What is alternative of Keycloak?

We have compiled a list of solutions that reviewers voted as the best overall alternatives and competitors to Keycloak, including Okta, OneLogin, Microsoft Azure Active Directory, and Auth0.

Is Keycloak like Okta?

So Okta provides the same features as Keycloak and the only difference is that Okta is a paid enterprise solution and Keyclock is a open-source solution? Yes. But you can also sign up for an Okta developer account and get 1000 MAU (monthly active users) for free!

Does Keycloak use JWT?

This demonstrates how to generate JWT token using Keycloak. This can be used to authenticate the API user as well as to enable OAuth 2.0 authorization for all OAuth protected APIs using OpenID Connect in the Storefront application. This can be used as an alternative to the Auth microservice.

Is Keycloak a Microservice?

Understanding Keycloak users, clients, services, and realms

This is the standard three-step OAuth 2 authentication scheme. As the user, you are the resource owner, the client application is the web portal, the authorization service is Keycloak, and the resource server is a set of microservices.

Is Keycloak scalable?

- External Infinispan cache: Infinispan cache has been externalized, three node cluster is deployed separately from keycloak servers, hence any release in keycloak will not impact existing user sessions. - Scaling: Both horizontal and vertical scaling is possible whenever scaling is needed on infinispan.

What problem does Keycloak solve?

Keycloak is an open-source Identity and Access Management (IAM) tool. Being an Identity and Access Management (IAM) tool, it streamlines the authentication process for applications and IT services. The purpose of an IAM tool is to ensure that the right people in a company have appropriate access to resources.

Is a Keycloak a SAML?

Basic Keycloak operations

Keycloak uses open protocol standards like OpenID Connect or SAML 2.0 to secure your applications.

What are the vulnerabilities of Keycloak?

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks.

How many companies use Keycloak?

Who uses Keycloak? 123 companies reportedly use Keycloak in their tech stacks, including deleokorea, Gympass, and Backbase.

Is Keycloak Red Hat?

Keycloak is the open source “Identity and Access Management” (IAM) tool with an Apache License 2.0. It is a project for Red Hat SSO also.

Does Redhat own Keycloak?

Keycloak is the upstream open source community project for Red Hat Single Sign-On (RH-SSO). RH-SSO is a core service that is part of a number of products such as Red Hat JBoss Enterprise Application Platform.

Is Keycloak worth using?

Keycloak can be very useful when your client has some existing user database like LDAP or Active Directory because it has a built-in mechanism for synchronization with such identity providers.

Is Keycloak any good?

Keycloak is a powerful and reliable tool for security implementations.

When should I use Keycloak?

If you are looking for something more enterprise-centered, you can opt for this. With Keycloak, you can secure services with a minimum of time and add authentication to applications. Using Keycloak's admin console, companies can log in with social networks very quickly. There is no code or application change.