https://www.keycloak.org/rss.xml · source : Keycloak
Keycloak Blog
📈 5,7 articles / mois — soit ~1 article tous les 5,3 jours · dernier le 26/06/2026 00:00
100 articles datés · regroupés par mois.
✅ 5 bons points ❌ 1 à corriger sur 6 critères évalués.
🔒 Le détail du calcul (note par critère : intégrité technique, découvrabilité, conformité podcast ouvert…) est réservé aux abonnés — connectez-vous.
To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #50344 CVE-2026-9099 Keycloak: group-admin escalation to realm-admin #50345 CVE-2026-9083 Keycloak: keycloak: information discl…
Lire l'article →The Keycloak project is back at KubeCon Japan Yokohama with all highlights: Talks, our kiosk in the Project Table, and this time also with KeycloakCon, our very-own co-located event! If you are new to Keycloak, or already a user, join us for this exciting event to learn and connect. Half-day Keycloa…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #47707 CVE-2026-4800 lodash vulnerable to Code Injection via `_.template` imports key names account/ui #47935 [CVE-2026-4874] S…
Lire l'article →This year’s KubeCon India is coming to Mumbai, and Keycloak will be part of this year’s edition on June 18-19! Register today to get tickets! A lot of people use Keycloak and develop extensions in for Keycloak in India, so we are thrilled to connect with the community. Talk at KubeCon The schedule o…
Lire l'article →We are excited to announce that from 26.7.0, Keycloak will include experimental support for the OpenID AuthZEN Authorization API 1.0 specification. This allows Keycloak to act as a Policy Decision Point (PDP), exposing its authorization capabilities through a standardized API that any Policy Enforce…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #47485 CVE-2026-33871 HTTP/2 CONTINUATION Frame Flood Denial of Service #47486 CVE-2026-33870 RFC violation: HTTP Request Smugg…
Lire l'article →Ricardo joined the Keycloak IBM team at the beginning of 2023 and became one of the top Keycloak contributors since then. Ricardo has very deep knowledge in many core Keycloak areas. He is the most knowledgeable person from the whole team in areas like for example SAML, Passkeys or FIPS. His experti…
Lire l'article →In Keycloak 26.7.0, Fine-Grained Admin Permissions (FGAP) will support Organizations as a resource type. This means you can grant an administrator permission to manage Org A while only allowing them to view Org B — or restrict their access to a single organization entirely. No more realm-wide all-or…
Lire l'article →Our annual conference dedicated to the Keycloak user community returns, with even more content and networking opportunities than last year. It’s the perfect place to interact, learn, share, and exchange insights and real-world use cases, network with fellow experts, users, and contributors. 📍 Introd…
Lire l'article →Introduced in Keycloak 26.6.0, Organization Groups bring hierarchical group management to the Organizations feature. While Organizations already let you model Business-to-Business (B2B) relationships where external companies, partners, or departments each manage their own users, Organization Groups …
Lire l'article →Highlights This release of Keycloak JS addresses two regressions in the Cordova adapter that were introduced in version 26.2.1. Bug Fixes Cordova adapter no longer triggers duplicate authentication requests A regression introduced in version 26.2.1 caused the Cordova in-app browser to fire multiple …
Lire l'article →Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Enhancements #203 Sync after Keycloak server 26.6.0 release client #205 Update dependencies client
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #47276 CVE-2026-4366 Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling core #47619 CVE-2026-4633 Keycloak use…
Lire l'article →If you have been following the latest blog posts, you may have noticed that we have been working on implementing the System for Cross-domain Identity Management (SCIM) protocol in Keycloak. We are excited to announce that the SCIM Realm API is now available as an experimental feature in Keycloak 26.…
Lire l'article →To download the release go to Keycloak downloads. Highlights This release features new capabilities for users and administrators of Keycloak. The highlights of this release are: JWT Authorization Grant, enabling external-to-internal token exchange using externally signed JWT assertions. Federated cl…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #45493 CVE-2025-14083 keycloak-server: Keycloak: Improper Access Control in Admin REST API leads to information disclosure admi…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #45645 CVE-2026-1180 - Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri oidc …
Lire l'article →Earlier this year, we conducted a survey to better understand how the community deploys and manages Keycloak in the real world. With over 360 respondents (!!), the results provide a better understanding of the community’s needs and wishes. What we learned The survey results highlight a community tha…
Lire l'article →The call for papers and the registration for KeycloakCon Japan 2026 is now open! Submit your talks to KeycloakCon in Japan. KeycloakCon Japan 2026 is a half-day single-track conference in Yokohama, Japan on July 28 where the community of Keycloak gathers. It provides opportunities for technical pres…
Lire l'article →The call for papers and the registration for KeycloakCon Japan 2026 is now open! Submit your talks to KeycloakCon in Japan. KeycloakCon Japan 2026 is a half-day single-track conference in Yokohama, Japan on July 28 where the community of Keycloak gathers. It provides opportunities for technical pres…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #46909 CVE-2026-3047 SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login #46910 CVE-2…
Lire l'article →First of all, we want to thank everyone who took the time to fill out our survey on SCIM support in Keycloak. Your feedback is invaluable to us as we work on implementing this feature. We are currently in the early stages of development, and we are using your feedback to guide our efforts. The surve…
Lire l'article →What’s changing? The testsuite module, with all related dependents, like Arquillian testsuite, is now officially deprecated. At the same time Test Framework full support is starting from the upcoming Keycloak 26.6.0 release. The New Test Framework Based on JUnit 6, the Keycloak Test Framework makes …
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #45646 CVE-2026-1190 - Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData saml #4…
Lire l'article →Keycloak is the open-source IAM backbone for countless applications, and provides single sign-on, strong authentication and user federation across organizations. We were part of the GitHub Secure Open Source Fund Session 3, participated in the three-week training and gained insights into how other p…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #46144 CVE-2026-1609 Disabled users can still obtain tokens via JWT Authorization Grant #46145 CVE-2026-1529 Forged invitation …
Lire l'article →The Keycloak project is back at KubeCon EU Amsterdam with all highlights: Talks, our kiosk in the Project Pavilion, and this time also with KeycloakCon, our very-own co-located event! If you are new to Keycloak, or already a user, join us for this exciting event to learn and connect. Half-day Keyclo…
Lire l'article →Highlights This release of Keycloak JS addresses a regression that was introduced in version 26.2.2 affecting applications that use hash-based routing in combination with the fragment response mode. Bug Fixes URL hash fragments are now preserved correctly with 'fragment' response mode A regression w…
Lire l'article →FOSDEM is a free event for software developers to meet, share ideas and collaborate. Every year, thousands of developers of free and open source software from all over the world gather at the event. Several Keycloak related talks happen at FOSDEM in Brussels on January 31st and February 1st, and mee…
Lire l'article →Keycloak has from day one supported identity brokering, allowing users to authenticate via an external OpenID Connect or SAML 2.0 identity provider. With federated client authentication it is now possible to authenticate OpenID Connect clients through external identity providers as well. Depending o…
Lire l'article →Modern applications and AI agents increasingly operate across distributed trust domains, where each domain is protected by its own OAuth 2.0 Authorization Server. A single request may also traverse multiple resource servers to complete a task. This raises an important challenge: every protected reso…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Security fixes #44994 CVE-2025-67735 - netty-codec-http: Request Smuggling via CRLF Injection dependencies Enhancements #43443 Keycloak should…
Lire l'article →We are targeting Keycloak 26.6 to start supporting System for Cross-domain Identity Management (SCIM). The initial scope have been defined in this issue, but we want to ensure that we are addressing the most important use cases for our community. In order to better understand your needs and use case…
Lire l'article →Before configuring Keycloak, it is helpful to understand its role in decentralized identity ecosystems. As a verifiable credential issuer, Keycloak can issue digitally signed credentials using the OpenID for Verifiable Credential Issuance (OpenID4VCI) protocol, allowing relying parties (also known a…
Lire l'article →As a Cloud Native Computing Foundation (CNCF) project, Keycloak is the open-source IAM backbone for countless applications. This is your chance to secure a core piece of the cloud-native ecosystem in this public bug bounty program!. We are proud to be part of this EU sponsored initiative. Projects l…
Lire l'article →To download the release go to Keycloak downloads. Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Enhancements #44863 x-robots HTTP header missing for static Keycloak resources, and REST endpoint responses #45009 Performance improvement: Mi…
Lire l'article →Upgrading Before upgrading refer to the migration guide for a complete list of changes. All resolved issues Enhancements #193 Sync keycloak-client after Keycloak server 26.5.0 release client Bugs #190 The policy enforcer rejects the request the first time, but after the cache invalidation interval, …
Lire l'article →Although Steven has only been on the Keycloak team for a relatively short period of time he’s managed to get the #15 place as the top contributor overall. Now, if you narrow that to the last two years he’s in #3rd place. Steven is the go-to guy when it comes to the Operator where his knowledge is ab…
Lire l'article →To download the release go to Keycloak downloads. Highlights This release features new capabilities for users and administrators of Keycloak. The highlights of this release are: Workflows to automate administrative tasks and process within a realm. JWT Authorization Grants, our recommended alternati…
Lire l'article →The different ways of distribution – be it the Operator, container images, or plain ZIP file – play a pivotal role in all Keycloak deployments. It is often the first touchpoint for users and sets the tone for their overall experience. The selected distribution method then affects the whole lifecycle…
Lire l'article →