Keycloak already supports OpenID Connect, but with this release we're also introducing
support for SAML 2.0.
We've also significantly improved our clustering support, for the server and
application adapters. The server can now be configured to use an invalidation cache for
realm meta-data and user profiles, while user-sessions can be stored in a distributed
cache allowing for both increased scalability and availability. Application adapters can
be configured for either sticky-session or stateless if sticky-sessions are not available.
We've also added support for nodes to dynamically register with Keycloak to receive
for example logout notifications.
Thanks to Juraci Paixão Kröhling we now have multi-tenancy support in application
adapters. His contribution makes it easy to use more than one realm for a single
application. It's up to you to decide which realm is used for a request, but this
could for example be depending on domain name or context-path. For anyone interested in
this feature there's a simple example that shows how to get started.
A while back Davide Ungari contributed a Tomcat 7 application adapter for Keycloak, but we
haven't had time to document, test and make it a supported adapter until now.
The next release of Keycloak should see the introduction of more application adapters,
with support for JBoss BRMS, JBoss Fuse, UberFire, Hawt.io and Jetty.
For a complete list of all features and fixes for this release check out JIRA
I'd like to especially thank all external contributors, please keep contributing! For
everyone wanting to contribute Keycloak don't hesitate, it's easy to get started
and we're here to help if you need any pointers.