Authentication: Keycloak 19 introduces storage for zero downtime upgrades
With the update, the open source software for identity management introduces the preview of the new map store, which is intended to remedy the deficits in the previous store.
Red Hat continues a major refactoring of its open-source Identity and Access Management (IAM) software with single sign-on. The Keycloak 19.0.0 update that has now been released introduces, among other things, a preview of a completely new store that is intended to remedy the deficits of the previous one. The new map store is designed for cloud-native deployment and is also meant to avoid downtime when upgrading Keycloak. In addition, the new Admin Console is now activated by default; the previous console is considered deprecated and is to be removed completely as of Keycloak 21.
Cloud-native with more speed
In the Quarkus distribution, Red Hat delivers the OpenID Connect-certified Keycloak with a preview of a new store implementation. The store, referred to as the map store, is initially limited to a few basic functionalities in order to ensure smooth operation. Initially, only PostgreSQL and CockroachDB as well as the Infinispan datastore are available as databases. The map store is to replace the previous storage, now referred to as the legacy store, in the medium term and finally adapt Keycloak to the requirements of cloud-native application environments. For example, starting the database and the IAM tool should be much faster in the future, even in smaller deployments. With the map store, the Keycloak team also wants to eliminate the downtimes that were previously unavoidable when upgrading the software.
As long as the new store is still in the preview phase and has not been released for production use, the legacy store remains activated by default, making it the first choice for developers who want or have to work with databases such as MySQL, MariaDB, MS SQL Server and Oracle. For the next releases of Keycloak, however, the team holds out the prospect of additional features and performance optimizations for the map store. The roadmap includes support for LDAP, file-based storage, a migration tool for transferring data from the legacy store to the map store, and the ability to combine different storage mechanisms, for example to mix static client logins with dynamic ones. If you want to try out the new storage configuration in Keycloak, the blog post on the map store provides instructions for a single-node configuration using the in-memory store chm.
While in Keycloak 19 the old console is giving way to the new Admin Console, a number of OpenID Connect and SAML adapters are also being dropped, including those for JBoss AS 7 and EAP 6, Fuse 6 and 7, Spring Boot 1.x, and Jetty 9.2 as well as 9.3. Users of the Keycloak Quarkus distribution should also take into account that the previously automatically activated health endpoints /q/health, /q/health/live, /q/health/ready and /q/metrics will remain deactivated in the future. If you want to continue using the affected endpoints, you should update your systems to the valid path without /q.
Extensive refactoring continues
In the course of the ongoing refactoring of the Keycloak code, developers should be prepared for fundamental changes, such as the storage changeover initiated in the current release. The adjustments affect numerous APIs and the module structure. Further details and an overview of all the new features of Keycloak 19.0.0 can be found in the blog post on the release.