Red Hat
May 5, 2015
by Stian Thorgersen

We've just released Keycloak 1.2.0.CR1. As usual this feature brings some great new features. This time around there's also some fairly big changes.

Distribution changes

Keycloak is now available in 3 downloads. Standalone, overlay and demo bundle. The standalone download is aimed at production and non-JavaEE developers and provides a standalone Keycloak server. Overlay is mainly aimed at JavaEE developers that want to add Keycloak to an existing WildFly 8.2.0.Final (or EAP 6.4.0.GA) installation. Finally the demo bundle is aimed at early adapters and contains WildFly with Keycloak as well as all documentation and examples.

Theme changes

We've updated the look and feel of the admin console, login pages and account management to better match PatternFly. This provides a better integration between Keycloak and other JBoss projects.

Client changes

In previous versions Keycloak had applications and oauth clients. The main difference between the two was that oauth clients required consent from the user. These have been combined into a single client with an option to require consent or not.

New features

  • Token mapping - Through token mapping it's possible to pull in additional information from brokered identity providers
  • Store and retrieve external token - It's now possible to store the token retrieved from brokered identity providers. Clients can retrieve this if they need to invoke services secured by the external identity provider.
  • Persist and manage consents - When a user consents access to a client the consents are now saved. Users can also view and manage consents given to clients through the account management console.
  • Password Policies - Through password policies it's now possible to prevent re-use of previous passwords, require users to regularly update their password and also provide a regular expression for required password format.
  • HttpClient SPI - The introduction of a HttpClient SPI makes it possible to configure the HTTP connections initiated by Keycloak. For example to provide a trust store.
  • KeycloakContext - KeycloakContext is exposed through KeycloakSession and gives providers access to HTTP headers, cookies, query parameters, etc.
  • Logging Updates - The JBoss Logging event listener is now enabled by default for new realms. This makes it easier to view debug log information for login events.
  • Spring Security Adapter preview - We now have a Spring Security Adapter. There's is no documentation and we haven't tested it thoroughly so consider this a preview.
Original Post