Keycloak 22.0.2 released
September 11 2023
This post is more than one year old. The contents within the blog is likely to be out of date.
To download the release go to Keycloak downloads.
Release notes
Improvements in LDAP and Kerberos integration
Keycloak now supports multiple LDAP providers in a realm, which support Kerberos integration with the same Kerberos realm. When an LDAP provider is not able to find the user which was authenticated through
Kerberos/SPNEGO, Keycloak ties to fallback to the next LDAP provider. Keycloak has also better support for the case when single LDAP provider supports multiple Kerberos realms, which are in trust with each other.
Upgrading
Before upgrading refer to the migration guide for a complete list of changes.
All resolved issues
Enhancements
- #9422 Support kerberos realm filter on LDAP provider keycloak ldap
- #10232 Kill sessions after a password reset or MFA modification keycloak authentication
- #14665 map a kerberos provider to one or more ldap provider stores keycloak ldap
- #20931 Improvements on Documentation/Guides for "Hostname/Proxy/Admin Console" Settings keycloak
- #21564 Upgrade to Infinispan 14.0.13.Final keycloak
- #22452 Ask admins to install the Oracle Database driver separately keycloak
- #22500 Correct Getting Started guide keycloak
- #22745 Upgrade to Quarkus 3.2.5.Final keycloak dist/quarkus
- #22762 Provide support for determining community/product guides keycloak docs
- #22793 Remove log-level property for `ClassTransformingBuildStep` in Quarkus keycloak dist/quarkus
- #22795 Error message when JDBC driver is missing is not helpful keycloak
- #22800 Blank Java adapter section in Securing Apps Guide keycloak
- #22871 Operator guide screen shot should show fast channel keycloak
- #23067 Add "LinkedIn (deprecated)" provider to the DEPRECATED profile keycloak identity-brokering
Bugs
- #10981 Keycloak "forgets" ui_locales parameter when using Reset Password functionality keycloak authentication
- #12137 IdP Mappers ignored when performing external -> internal token exchange keycloak token-exchange
- #19954 Admin UI hangs with many subgroups keycloak admin/ui
- #20005 JavaScript Authenticator Providers not updated automatically on build and SQL error when removing/adding in flow keycloak core
- #20045 Use an original domain name of Kerberos Principal in UserModel attribute instead of configured value of Kerberos realm in User federation keycloak authentication
- #20455 MigrationTest ยป IllegalArgument argument type mismatch [JDK Temurin 17] keycloak testsuite
- #20718 NullPointerException in GroupTreeResolver with LDAP keycloak ldap
- #20837 [Declarative User Profile] Attributes tab doesn't dipslay attributes, values get lost and multi values get stored as single ones keycloak admin/ui
- #20983 Flaky test: org.keycloak.testsuite.model.session.SessionTimeoutsTest#testOnlineUserClientMaxLifespanSmallerThanSessionOverrideInClient keycloak storage
- #21092 Keycloak fails to start due to infinispan state transfer exception keycloak infinispan
- #21173 User administration: It is not possible to assign a user to a subgroup of an assigned parent group in order to obtain more rights keycloak admin/ui
- #21256 State transfer never completes keycloak storage
- #21421 After switching the Admin UI theme to "Base," an error occurred when attempting to access the keycloak login keycloak admin/ui
- #21514 Can create a user without the registration flow finished properly (reopened #17644) keycloak storage
- #21528 Declarative User Profile validators are not saved keycloak admin/ui
- #21595 LGPL license header in files incompatible with Apache v2.0 keycloak core
- #21693 New Admin UI: Group Attribute UI does not refresh, shows stale values keycloak admin/ui
- #21719 New Admin UI: User attributes UI does not refresh, shows stale values keycloak admin/ui
- #21739 CRD incompatible with Flux reconcilation keycloak operator
- #21745 Re-instate authenticator alias in authentication flow GUI keycloak admin/ui
- #21751 v 22.0.0 rest-api, cleans user email when updating attributes (with user-profile enabled) keycloak user-profile
- #21778 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#testScriptAuthenticatorNotAvailable keycloak authentication
- #21791 User unable to save user profile attributes keycloak user-profile
- #21801 Warnings about quarkus.http.ssl.certificate.file and quarkus.http.ssl.certificate.key-file on startup keycloak dist/quarkus
- #21814 Keycloak operator lacks RBAC for Pods keycloak operator
- #21851 v22.0.1 - Windows: kcadm.bat gives Java Exception keycloak admin/cli
- #21927 Client Session Max set never expires is not working anymore since 22.0.0 keycloak oidc
- #21960 Configuration of flow execution is wiped after using admin UI drag and drop keycloak admin/ui
- #22002 Admin UI v2 : client credentials tab is hidden with view-client fine grained permission keycloak admin/ui
- #22032 Example postgres deployment used in Operator test is sometimes hitting rate limits keycloak operator
- #22039 Link to freeipa broken in documentation keycloak docs
- #22079 In assign role dialog, the filter dropdown is missing when having only manage-user role keycloak admin/ui
- #22140 KeycloakIngressTest failing in OCP keycloak ci
- #22142 PodTemplateTest.testPodTemplateIncorrectNamespace error in OCP keycloak ci
- #22172 Keycloak SAML Adapter subsystem does not support Wildfly 29 keycloak adapter/jee-saml
- #22175 Missing ":providerId" param - Error when viewing users from federated provider with limited admin roles keycloak admin/ui
- #22186 ExternalLinksTest fails for https://nodejs.org (invalid redirect to /en/) keycloak docs
- #22198 User session expire task shouldn't run concurrently in a cluster keycloak storage
- #22243 Flaky test: org.keycloak.testsuite.oauth.OfflineTokenTest#offlineTokenBrowserFlowIdleTimeExpired keycloak storage
- #22352 Only first kerberos provider is checked keycloak authentication
- #22383 LinkedIn as Identity provider not working keycloak oidc
- #22570 Unable to remove user attributes keycloak admin/ui
- #22581 idp jwt userinfo broken keycloak identity-brokering
- #22593 Update the Keycloak SAML adapter subsystem to no longer use the AttributeDefinition#getAttributeMarshaller method keycloak adapter/jee-saml
- #22602 UserSyncTest does not clean LDAP properly keycloak testsuite
- #22707 `start-dev` by default starts with cache `local`, but docs state otherwise keycloak dist/quarkus
- #22709 Incorrect event types in the events overview (eventTypes.Refresh token error.name & eventTypes.User info refresh error.name) keycloak admin/ui
- #22760 Translations missing for theme select placeholder text keycloak translations
- #22823 Support EAP8 with SAML Adapter Galleon Feature Pack keycloak adapter/jee-saml
- #22888 Surefire reports not triggered when a test suite fails. keycloak ci
- #22900 User data is incorrectly erased in Keycloak Admin UI keycloak admin/ui
- #22924 Incorrect help Text for the field 'Temporary' while setting password for new user keycloak admin/ui
- #22947 Status check succeeds if "conditional" step fails keycloak ci
- #22961 Attributes without a value set are not rendered in the account console keycloak account/ui
- #23001 Conditional store tests do not run if tests are updated keycloak ci
- #23027 Broker user attribute mapper not obtaing user info claims when creating users through token exchange keycloak token-exchange
- #23058 Quarkus IT that use Oracle DB don't work with `-Dproduct` keycloak testsuite
- #23118 Failure in identity_providers_test.spec.ts keycloak testsuite