Red Hat
Nov 8, 2017
by Stian Thorgersen

We've just released Keycloak 3.4.0.CR1.

To download the release go to the Keycloak homepage.


Token exchange

The token exchange service allows clients to exchange tokens for different tokens. There's quite a few options available so check out the docs for more details.

Fine-grained permissions for admin endpoints

By leveraging our authorization services we've made it possible to control permissions in the admin endpoints almost exactly how you want. For more details check the docs.

Cross DC

A lot more work has gone into this release around cross DC support. Docs are still not ready and there's still some minor polish left. This will come soon.

Upgraded to WildFly 11 Final

We've upgraded the underlying container to WildFly 11 Final.

Support MySQL and PostgreSQL in main Keycloak Docker image

We used to have separate Docker images for MySQL and PostgreSQL, but now we have one that supports them all.


Our docs used to be built and hosted on GitBook. We've recently moved to using pure AsciiDoctor to build the docs. The main reason behind this move was to closer align with how we build documentation for the productized version of Keycloak (RH-SSO).

Loads more..

  • Script based protocol mapper for OIDC - thanks to thomasdarimont
  • Blacklisted password policy- thanks to thomasdarimont
  • Login with PayPal - thanks to petlys
  • Almost 200 - we almost resolved 200 issues for this one (197!)

The full list of resolved issues is available in JIRA.


Before you upgrade remember to backup your database and check the upgrade guide for anything that may have changed. Release candidates are not recommended in production and we do not support upgrading from release candidates.

Original Post