Another change which worth mention on ML is AdapterTokenStore introduced for https://issues.jboss.org/browse/KEYCLOAK-702 . * There is new option "token-store" in adapter-configuration with possible values "session" and "cookie" . * Default value is "session", which means that info about authenticated user are saved in Adapter in HttpSession (same behaviour like it was before) * Alternative "cookie" means that all token info is stored in cookie, which means that HttpSession is not created at all for particular application. It's alternative useful for stateless applications, which doesn't need HttpSession. I've added AdapterTokenStore as an abstraction to handle saving/loading/removing this account info. Everything is again backwards compatible (existing apps are still saving info in Http Session and are not affected at all, as default value is "session", which is used if nothing is specified in config) Marek