[keycloak-user] Keycloak 3.2.0.CR2 released

Thomas Darimont thomas.darimont at googlemail.com
Fri Jun 30 08:20:13 EDT 2017


Hello guys,

congratulations to the team for this awesome release! :)

Cheers,
Thomas

2017-06-30 13:31 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:

> We've just released Keycloak 3.2.0.CR1.
>
> To download the release go to the Keycloak homepage
> <http://www.keycloak.org/downloads>.
> HighlightsFine grained admin permissions
>
> This is something that we've wanted to add for a long time! Through our
> authorization services it's now possible to finely tune permissions for
> admins. This makes it possible to limit what clients, users, roles, etc.
> admins have access to. Documentation is missing for this at the moment, but
> will be added in time for 3.2.0.Final.
> Docker Registry support
>
> It's not possible to secure a Docker Registry with a standard OAuth or
> OpenID Connect provider. For some strange reason they have only partially
> followed the specifications and the Docker Registry maintainers refuse to
> fix this! Fear not, thanks to cainj13 <https://github.com/cainj13> who
> contributed this we now have a special Docker Registry protocol that can be
> enabled in Keycloak.
> Authentication sessions and access tokens
>
> In the effort to provide support for running Keycloak in multiple data
> centers we've done a large amount of work around user sessions. We've
> introduced authentication sessions that are special sessions used primarily
> during the authentication flows. There are two main reasons for this.
> Authentication flows can fairly easily be fixed to a specific node within a
> specific data center and there is no need to replicate this to other data
> centers. They are also more write heavy than the user sessions. The
> introduction of access tokens makes it possible to detach actions (for
> example verify email) from a user session, which has a number of benefits.
> More will come in future 3.x releases and by the end of the year we aim to
> fully support replicating Keycloak cross multiple data centers.
> Authorization Service improvements
>
> There's been a lot of work done to the authorization services in this
> release. Way to many to list here so check out JIRA
> <https://issues.jboss.org/browse/KEYCLOAK-5072?jql=
> project%20%3D%20keycloak%20and%20fixVersion%20%3D%203.
> 2.0.CR1%20and%20component%20%3D%20Authorization>
> for
> details.
> QuickStarts
>
> We've introduced new QuickStarts with the aim to make it even simpler for
> you to get started securing your applications and services with Keycloak.
> The QuickStarts have proper tests as well, which can serve as a reference
> on how to tests your own applications and services secured with Keycloak.
> Check out the new QuickStarts in the keycloak-quickstarts GitHub repository
> <https://github.com/keycloak/keycloak-quickstarts>.
> Upgraded AngularJS and JQuery
>
> We've upgraded the versions we use of AngularJS and JQuery as there where a
> number of known vulnerabilities. We're fairly certain neither of the known
> vulnerabilities affect Keycloak, but to be on the safe side we decided to
> upgrade.
> Updated Password Hashing Algorithms
>
> We're still using PBKDF2, but we've added support for SHA256 and SHA512.
> PBKDF2 is SHA256 is now used by default.
> Spring Boot QuickStarter
>
> We've added a new Spring Boot QuickStarter that makes it super simple to
> get started securing your Spring Boot applications. For more details check
> out the blog post about it
> <http://blog.keycloak.org/2017/05/easily-secure-your-spring-boot.html>.
> Loads more..
>
>    - Partial export of realms in the admin console
>    - Redirect URI rewrite rules for adapters
>    - Test email settings in the admin console
>    - Initial access tokens now persisted to the db
>
> The full list of resolved issues is available in JIRA
> <https://issues.jboss.org/issues/?jql=project%20%3D%
> 20keycloak%20and%20fixVersion%20%3D%203.2.0.CR1>
> .
> Upgrading
>
> Before you upgrade remember to backup your database and check the migration
> guide
> <https://keycloak.gitbooks.io/documentation/server_admin/topics/
> MigrationFromOlderVersions.html>.
> Release candidates are not recommended in production and we do not support
> upgrading from release candidates.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list